Sign up

1 Privacy Policy
2 Account Information
  • To help us deliver the best service to you, please select your location/place of habitual residence.

  • Terms of Service

    Last updated: 2021-10-15 18:40:59

    TENCENT CLOUD TERMS OF SERVICE

    Welcome, and thank you for your interest in the online services collectively known as Tencent Cloud, along with any related websites, networks, applications, and other services provided by Tencent (collectively, the “Services”). These Terms of Service are a legally binding contract between you and Tencent regarding your use of the Services. For the purposes of these Terms of Service, “Tencent,” “we,” “our,” and “us” refer to the applicable Tencent contracting entity set forth in Section 3.

    PLEASE READ THE FOLLOWING TERMS CAREFULLY.

    BY CLICKINGI ACCEPT,” OR BY DOWNLOADING, INSTALLING, OR OTHERWISE ACCESSING OR USING THE SERVICES, YOU AGREE THAT YOU HAVE READ AND UNDERSTOOD, AND, AS A CONDITION TO YOUR USE OF THE SERVICES, YOU AGREE TO BE BOUND BY, THE FOLLOWING TERMS AND CONDITIONS, INCLUDING the then-current additional terms applicable to the Services posted online here, including the Privacy Policy, Data Privacy and Security Agreement, Acceptable Use Policy, Copyright Policy, the PRC Service Region Terms, the North America Terms, the EEA Consumer Terms, the Germany Terms, any Service-specific terms, and the Service Level Agreement (collectively, “Additional Terms,” and together with these Terms of Service, the “Terms”). Please see our Privacy and Cookies Policy for further information regarding our use of your personal information submitted to or via the Services. If you are not eligible, or do not agree to the Terms, then you do not have Tencent’s permission to use the Services. YOUR USE OF THE SERVICES, AND TENCENT’S PROVISION OF THE SERVICES TO YOU, CONSTITUTES AN AGREEMENT BY TENCENT AND BY YOU TO BE BOUND BY THESE TERMS.

    1. THE SERVICES AND APPLICATIONS. The Services are further described at http://intl.cloud.tencent.com, and include: (a) the documentation for the Services (as may be updated from time to time) in the form generally made available by Tencent to its customers for use with the Services; (b) the APIs, mobile applications, and Software provided by Tencent in connection with the Services; and (c) any additional services purchased by you. The Services allow you to create applications using the Services or run applications on the Services (“Applications”). Applications include any application that runs on the Services and any source code written by you to be used with the Services or otherwise hosted on Tencent Cloud.

    2. ELIGIBILITY. You must be at least 18 years old to use the Services. By agreeing to these Terms, you represent and warrant to us that: (a) you are at least 18 years old; (b) you have not previously been suspended or removed from the Services; and (c) your registration and your use of the Services is in compliance with any and all applicable laws and regulations. If you are an entity, organization, or company, the individual accepting these Terms on your behalf represents and warrants that they have authority to bind you to these Terms and you agree to be bound by these Terms.

    3. CONTRACTING ENTITY; GOVERNING LAW

    (a)The country specified in your registered billing information determines: (i) the Tencent entity with which you are contracting under these Terms and (ii) the governing law that applies to these Terms and your use of the Services, as set forth in the table below.

    Your Location Tencent Contracting Entity Governing Law
    European Economic Area and Switzerland Tencent Cloud Europe B.V., a Dutch registered company located at Atrium Building,8th Floor, Strawinskylaan 3127, 1077 ZX, Amsterdam, the Netherlands England and Wales
    North America Tencent Cloud LLC, a Delaware corporation registered company located at Claremont2747 Park Blvd, Palo Alto, CA 94306. California, USA
    South Korea Tencent Korea Yuhan Hoesa, 152, Taeheran-ro, Gangnam-gu (Gangnam Finance Center, Yeoksam-dong), Seoul, Korea Singapore
    Rest of the world Aceville Pte Ltd, a Singapore-registered company located at 1 Fullerton Road, #02-095, One Fullerton Singapore 049213. Singapore
    People's Republic of China Tencent Cloud Computing (Beijing) Co., Ltd. PRC

    (b) The country specified in your registered billing information may cause additional or different terms to apply as follows. If your use of the Services is subject to consumer protections as determined under applicable law, additional terms apply, as set forth in the EEA Consumer Terms and the Germany Terms below. If the country specified in your registered billing information is in North America, you shall be subject to the North America Terms below. In addition to the above, additional or different terms may apply to your use based on your local laws.

    (c) “PRC” means the People’s Republic of China, and for the purpose of these Terms only, does not include Hong Kong, Macau, and Taiwan.

    4. USE OF SERVICES

    (a) Accounts and Registration. When you register for a Tencent Cloud account (“Account”), you may be required to provide us with some information, such as your name, postal address, email address, or other contact information. You agree that the information you provide to us is accurate and that you will keep it accurate and up-to-date at all times. We may deny you the right to create an account.

    (b) End Users Access and License. Any entities or individuals that access the Services under your Account or an Application are referred to in these Terms as “End Users.” You and your authorized End Users may access and use the purchased Services in accordance with these Terms during the Term. If you become aware of any unauthorized use of your Account or the password for your Account, you will notify Tencent as promptly as possible. If you are an entity, organization, or company, you will permit only your employees and contractors to access the Services through your Account. You are responsible for safeguarding any and all Account details and access credentials. Any breach of these Terms or any use of your Account by anyone to whom you disclose your username or password will be treated as if the breach or use had been carried out by you, and will not relieve you of your obligations to us. Tencent may provide downloadable tools, software development kits, sample code, APIs,or other computer software in connection with the Services or with the use of your Account (“Software”). Subject to you and your authorized End Users’ compliance with these Terms, Tencent grants to you and your authorized End Users a limited, non-exclusive, non-transferable, non-sublicensable and revocable license to use Software in a manner not exceeding any applicable usage limitation or term, and within the applicable territory, and only in connection with the Services. To the extent that the Software comes with an end user license agreement, terms of service or other similar agreement governing the use of such Software, you will ensure that it will strictly comply with such agreement.

    (c) Service Regions. Certain Services allow you to select a geographically defined service region in which User Data is stored in order to provide the Services (a "Service Region"). Where a Service Region applies, Tencent will, upon your request, store User Data in the Service Region you select when User Data is being used for the provision of those Services. If your selected Service Region is the PRC, then the PRC Service Region Terms below apply with respect to those Services for which the PRC is the selected Service Region.

    (d) Suspension of Services. If you become aware that any Application (including an End User’s use of an Application) or User Data violates these Terms, including the Additional Terms, you will immediately suspend the Application, remove the User Data, and suspend access by the End User, as applicable. If you fail to do so within twenty-four hours after Tencent sends notice of any violation, Tencent may suspend or disable the Application and disable your Account until that violation is corrected. In the event that Tencent determines that a violation could: (a) disrupt the Services; (b) disrupt use of the Services by a third party; (c) disrupt the Tencent network or servers used to provide the Services; or (d) allow unauthorized third party access to the Services, then Tencent or its Affiliates may immediately without prior notice to you, suspend your Account or the offending Application or End User account, to the minimum extent required to prevent or resolve that violation. "Affiliate" means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a party, where “Control” means control of greater than fifty percent of the voting rights or equity interests of a party or by way of contract, management agreement, voting trust, or otherwise.

    (e) Service Modifications. Tencent may discontinue or make any changes to the Services at any time. If Tencent discontinues or makes any changes to the Services that would materially decrease the functionality of those Services, Tencent will use commercially reasonable efforts to inform you of the change with reasonable advance notice before it goes into effect, provided that you have subscribed to be informed about those changes. Tencent may make the change, and will not be obligated to provide notice, if the discontinuation or change is necessary to address an emergency or threat to the security or integrity of the Services, comply with or respond to litigation, address Intellectual Property Rights concerns, or comply with the law or government requests. Tencent may provide periodic updates to the Software or Services provided by Tencent from time to time (“Updates”). Tencent may also make new features or functionality available from time to time through the Services and add new services to the Services from time to time (by adding them at the URL set forth under that definition), the use of which may be contingent upon your agreement to additional requirements.

    (f) Security and Privacy. Tencent’s security and privacy practices are available in the Additional Terms. You shall configure and use the Services in a way that meets your security requirements.

    (g) Third Party Applications. You are solely responsible for any software used by you in connection with your use of the Services ("Third Party Software"), including third party software made available in connection with the Services. Tencent is not responsible for and is not liable for any damages or losses arising from the use of the Third Party Software, and Tencent does not endorse, support or guarantee the quality, reliability, or suitability of any Third Party Software. You will comply with any terms and conditions applicable to Third Party Software. Tencent does not provide any technical support for any Third Party Software. Please contact the relevant supplying third party for technical support.

    (h) Access to Your Device. In order for Tencent to provide the Services, Tencent may require access to and use of a device you own or control. For example, Tencent may need to access a device's processor and storage to complete a Software installation. Tencent will provide further information regarding how Tencent Cloud accesses the device within Tencent Cloud. You agree to give Tencent access to the device for these purposes, and you acknowledge that if you do not provide access, Tencent may not be able to provide the Services (or certain features within the Services). You agree that Tencent may use or access Personal Information (as defined in Tencent’s Privacy Policy) within the device in the course of providing Tencent Cloud, and that any Personal Information will be treated in accordance with Tencent’s Privacy Policy.

    5. FEES AND PAYMENTS

    (a) You may, from time to time, be required to make payments to us as part of your use of the Services (“Fees”). Except as otherwise set forth in the EEA Consumer Terms, all Fees are non-refundable. You agree that you are solely responsible for payment of all Fees and all taxes associated with any such payments. All payments made by you shall be made free and clear of and without deduction for any tax. To the extent that you are required by applicable law to make such a deduction or withholding of tax, you shall provide us with an official tax receipt or other appropriate supporting documentation within 30 days after payment of the deduction or withholding tax and increase the amount paid to us to the extent necessary to ensure that we receive a sum equal to the amount we would have received had no such deduction or withholding been made.

    (b) At the time you create an Account or otherwise sign up for Services you may be asked to provide a credit card, and thereafter may be able to link alternative means of payment to your Account (each a “Payment Method”). You agree that (subject to applicable laws and regulations): (i) you authorize us to: (1) save your chosen Payment Method's information (e.g., credit card information) on our systems or that of our payment processor; and (2) periodically bill your chosen Payment Method for Services consumed during the prior month or pursuant to an alternative payment structure we agree to; and (ii) if any payment made via your chosen Payment Method is rejected, denied, not received by us or returned unpaid for any reason: (1) we may suspend or terminate your access to the Services until your payment is properly processed; (2) charges will continue to be incurred and you are liable to us for any fees, costs, expenses or other amounts we incur arising from such rejection, denial or return (and we may charge you for such amounts); and (3) we may charge late fees up to the maximum amount permissible under law. We will present you with an invoice on or about the second day of a given month for Services consumed during the prior month and will charge your Payment Method at the time we issue your invoice.

    (c) Your card issuer may charge you an online handling fee or processing fee in connection with your payment of Fees. We are not responsible for this fee.

    (d) We may change or introduce any charges for the Services at any time after prior notice by publication within the Services. Any new or changed charges will immediately apply to your use of the Services.

    (e) If you and Tencent agree to other payment terms or Payment Methods in writing (including email), then those alternative provisions shall apply in the event of a conflict with this Section.

    6. TECHNICAL SUPPORT AND SERVICE LEVELS

    (a) SLAs. Tencent will provide any related Services in accordance with the relevant services level agreement (“SLA”), if any, set forth in the Additional Terms.

    (b) Support for Services. Except to the extent required by applicable law with respect to consumers, Tencent is under no obligation to provide technical support or other services unless you have purchased support services. You acknowledge and agree that technical support or other services may require you to pay additional costs and other fees.

    (c) Support for Applications. You are responsible for technical support of your Applications.

    7. YOUR OBLIGATIONS

    (a) Compliance. You are solely responsible for your Applications and User Data and for making sure your Applications and User Data comply with these Terms (including the Additional Terms). Tencent reserves the right to review all Applications to ensure your compliance with these Terms. You acknowledge and agree that you are responsible for all use of the Service by End Users, End Users’ access to Applications and User Data, activities under Accounts, and for otherwise ensuring that each End User complies with these Terms.

    (b) Privacy. You will protect the privacy of your End Users in accordance with all applicable laws and regulations, including by communicating a legally adequate privacy notice to End Users. You may have the ability to access, monitor, use, or disclose User Data submitted by End Users through the Services. You will obtain and maintain any required consents from End Users to allow your access, monitoring, use, and disclosure of User Data.

    (c) Restrictions. You will not, and will not allow your Affiliates, employees, and contractors and any third parties under your control, management, supervision, or otherwise to: (a) copy, modify, create a derivative work of, reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any or all of the source code of the Services (except to the extent such a restriction is expressly prohibited by applicable law, and where you are permitted by law to so reverse engineer, you will contact Tencent to obtain the desired information prior to such reverse engineering); (b) use the Services for the operation of nuclear facilities, air traffic control, or life support systems, where the use or failure of the Services could lead to death, personal injury, or environmental damage; (c) use the Services to benchmark the Services or in any manner that is competitive with the Services; (d) sublicense, resell, or distribute any or all of the Services separate from any integrated Application; or (e) access the Services in a manner intended to avoid incurring Fees or otherwise avoiding usage limitations. To the extent you choose a Service Region that includes the United States, you will not, and will not allow your Affiliates, employees, and contractors and any third parties under your control, management, supervision, or otherwise to: (a) process or store any User Data that is subject to the International Traffic in Arms Regulations maintained by the United States Department of State; or (b) process or store any User Data that is subject to the Health Insurance Portability and Accountability Act of 1996 as it may be amended from time to time, or any regulations issued under it.

    8. INTELLECTUAL PROPERTY RIGHTS AND USER DATA

    (a) Tencent Cloud Intellectual Property Rights. All Intellectual Property Rights in and to the Services, as between you and Tencent, will be owned by Tencent and its licensors. Except as expressly set forth in these Terms and to the extent this can be done under applicable law, Tencent does not grant to you any licenses or other rights, implied or otherwise, in or to Tencent’s Intellectual Property Rights. “Intellectual Property Rights” means all current and future worldwide rights under patent, copyright, trade secret, trademark, or moral rights laws, and other similar rights.

    (b) Tencent Confidential Information.Tencent Confidential Information” means information that Tencent (or an Affiliate) discloses to you under these Terms, and that is marked as confidential or should reasonably be considered confidential based on the nature of the information and the circumstances of its disclosure. You will not disclose the Tencent Confidential Information except to those of your Affiliates, employees, and contractors who need to know the Tencent Confidential Information for the purposes of exercising your rights and performing your obligations under these Terms, and who have agreed in writing to confidentiality obligations that are at least as protective as these Terms. You will, and will take appropriate measures to ensure that your Affiliates, employees, and contractors: (a) take at least reasonable care to protect the confidentiality of the Tencent Confidential Information; and (b) do not use the Tencent Confidential Information for any purpose other than to exercise your rights and perform your obligations under these Terms. However, you may also disclose Tencent Confidential Information to the extent required by applicable laws, regulations, or government orders; provided that you use commercially reasonable efforts, if legally permitted, to: (i) promptly notify Tencent of those disclosure requirements before disclosing the Tencent Confidential Information; and (ii) provide to Tencent any information reasonably requested to assist Tencent in seeking a protective order or other confidential treatment for that Tencent Confidential Information.

    (c) Feedback. If you provide Tencent or its Affiliates with any suggestions, ideas, comments, or other feedback about the Services (“Feedback”), Tencent and its Affiliates may use and otherwise exploit that Feedback without restriction and without obligation to you; provided, however, Tencent will not publicly disclose Feedback in a way that is identifiable to you

    (d) User Data.

    ​ (i) “User Data” means any data, information, media or other content submitted by you or your End Users to the Services, but excluding any data provided to Tencent or its Affiliates as part of your general Account.

    ​ (ii) Tencent will access and process User Data only in connection with the provision of the Services and otherwise in accordance with these Terms and as described in our Privacy Policy. You hereby grant to Tencent a non-exclusive, sublicensable license to access, copy, and use User Data to provide the Services, and otherwise use in accordance with these Terms.

    ​ (iii) You acknowledge and agree that Tencent may disclose User Data to third parties with or without notice to you: (i) to comply with applicable law or protect Tencent’s rights; or (ii) to comply with court orders, a lawful government or law enforcement request, or other legal process. Tencent may also block or remove User Data as required by applicable law, in which case Tencent will make reasonable commercial efforts to promptly notify you if legally permissible.

    ​ (iv) You are solely responsible for maintaining and backing up User Data. You represent and warrant that: (i) you have all rights required to provide User Data to Tencent, for Tencent to use the User Data as provided for in these Terms and for you to use in connection with your use of the Services; and (ii) User Data, and your use of User Data through the Services does not violate any laws or rights of any person. You retain all Intellectual Property Rights in User Data.

    9. TERM AND TERMINATION; SUSPENSION

    (a) Term. These Terms will commence when you accept these Terms or first download, install, access, or use the Services and continue until terminated as set forth below (“Term”).

    (b) Termination by Tencent. To the extent permitted under applicable law, Tencent may, at its sole discretion, terminate these Terms, or suspend or terminate your access to the Services or any aspect of the Services, immediately upon written notice to you if:

    ​ (i) you violate any provision of these Terms;

    ​ (ii) you have not paid any Fees or other amounts owed by you to Tencent within 30 days after the applicable due date;

    ​ (iii) Tencent reasonably believes that you have violated any applicable laws, or engaged in any fraudulent or deceptive activity, in connection with your use of the Services;

    ​ (iv) you enter into liquidation, administrative receivership, bankruptcy or make any voluntary agreement with your creditors or are unable to pay your debts as they fall due; or

    ​ (v) Tencent, at its sole discretion, terminates its provision of or access to the Services (1) in your jurisdiction or industry sector or field of business, or (2) for all of its users or customers.

    (c) Termination by you. You may terminate your account and these Terms at any time by following the instructions provided within the Services. Except as set forth in the EEA Consumer terms, if you terminate your account and these Terms, you are not entitled to a refund of any fees paid to Tencent.

    (d) No Liability for Termination. Except as expressly required by law, if either party terminates these Terms in accordance with any of the provisions of these Terms, neither party will be liable to the other because of the termination, for expenditures or commitments made in connection with these Terms or damages caused by the loss of prospective profits or anticipated sales. Termination will not, however, relieve either party of obligations incurred prior to the effective date of the termination.

    (e) Effect of Suspension. If Tencent suspends your access to any or all of the Services: (a) you remain responsible for all Fees accrued through the date of suspension (including where the charges were incurred before suspension date but performance of the relevant obligations were after the suspension date); (b) you remain responsible for any applicable charges for any part of the Services to which you have access; and (c) you will not be entitled to any service credits under any applicable Service Level Agreement for any period of suspension.

    (f) Effects of Termination.

    ​ (i) Upon termination of these Terms: (i) you will pay Tencent any Fees or other amounts owed under these Terms within 30 days of termination, (ii) you will delete the Software and remove from the Services any Application and User Data; and (iii) upon Tencent’s request, you will use commercially reasonable efforts to return or destroy all Tencent Confidential Information. Tencent has no obligation to make accessible to you any User Data after the termination of these Terms.

    ​ (ii) In addition, the following provisions will survive any termination of these Terms: Sections 1, 5, 7, 8, 9(d), 9(e) , 9(f) , 10(a), 10(b), 11, and 12.

    10. DISCLAIMER

    (a) Disclaimer of Warranties. TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAWS, THE SERVICE AND SOFTWARE ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, AND NEITHER TENCENT NOR ANY OF ITS LICENSORS OR AFFILLIATES, PROVIDERS OR DISTRIBUTORS, MAKE, AND TENCENT HEREBY DISCLAIMS ON BEHALF OF ITSELF AND ITS LICENSORS, ANY REPRESENTATIONS OR WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, REGARDING THE TENCENT CLOUD, ANY OTHER SOFTWARE OR SERVICES, OR ANY MEDIA OR OTHER CONTENT SUBMITTED, UPLOADED, STORED, TRANSMITTED OR DISPLAYED BY OR THROUGH THE SERVICES, INCLUDING ANY REPRESENTATION, WARRANTY OR UNDERTAKING:

    ​ (i) THAT THE SERVICES OR SOFTWARE WILL BE UNINTERRUPTED, SECURE, OR ERROR-FREE OR FREE FROM VIRUSES OR HARMFUL COMPONENTS;

    ​ (ii) THAT USER DATA WILL NOT BE SUBJECT TO LOSS OR DAMAGE;

    ​ (iii) THAT THE SERVICES OR SOFTWARE WILL BE COMPATIBLE WITH YOUR OR YOUR END USERS’ NETWORKS, SYSTEMS, APPLICATIONS, HARDWARE, OR DEVICES; OR

    ​ (iv) THAT THE SERVICES WILL BE OF MERCHANTABLE QUALITY OR FIT FOR ANY PARTICULAR PURPOSE. THE SERVICES not ARE designed or intended FOR HIGH RISK ACTIVITIES.

    (b) Sole and Exclusive Remedy. The parties acknowledge and agree that, regardless of anything to the contrary in these Terms, your sole and exclusive remedy for a breach of an SLA is the receipt of any applicable service credits as set forth and pursuant to the applicable SLA.

    11. LIMITATION OF LIABILITY; INDEMNIFICATION

    (a) Cap on Liability. EXCEPT WITH RESPECT TO FEES PAYABLE BY YOU, TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW, THE TOTAL AGGREGATE LIABILITY OF TENCENT AND ITS AFFILIATES, ON THE ONE HAND, AND YOU ON THE OTHER, FOR ALL CLAIMS ARISING IN CONNECTION WITH THESE TERMS, THE SERVICES, AND THE SOFTWARE WILL BE LIMITED TO THE TOTAL FEES THAT YOU HAVE PAID TO TENCENT UNDER THESE TERMS IN THE 12 MONTHS IMMEDIATELY PRECEDING THE DATE THAT EVENT GIVING RISE TO THE LIABILITY FIRST OCCURRED.

    (b) Disclaimer of Damages.EXCEPT WITH RESPECT TO FEES PAYABLE BY YOU,TO THE MAXIMUM EXTENT PERMISSIBLE UNDER APPLICABLE LAW NEITHER TENCENT, NOR ITS AFFILIATES OR THEIR LICENSORS WILL BE LIABLE TO YOU UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY, EVEN IF YOU HAVE BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES, FOR: (A) INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES; OR (B) LOST PROFIT, REVENUE, CUSTOMERS OR OPPORTUNITIES;IN EACH CASE, RELATING TO THE SERVICES.

    (c) Disclaimer of Certain Liabilities. If the Services are interrupted for any of the reasons set forth below, Tencent will promptly cooperate with the entities involved to resolve the applicable interruption, and to the extent permitted under applicable laws, Tencent disclaims liability for any loss to the extent caused by the following:

    ​ (i) causes attributable to infrastructure operators, including but not limited to technical adjustments made by telecommunications operators, damage to telecommunications/power lines, installation, modification or maintenance of telecommunications networks/power resources by telecommunications/power operators.

    ​ (ii) your use of the Services in a manner not authorized by Tencent; improper operation by you or failures in your computer software, systems, hardware, or telecommunications lines.

    ​ (iii) any other circumstances not attributable to the fault of, outside the control of, or not reasonably foreseeable by, Tencent.

    (d) Tencent Indemnification.

    ​ (i) Tencent will defend or, at its option, settle any third party claim, suit or proceeding (“Claim”) brought against you alleging that the use of the Services by you or your End Users in accordance with these Terms infringes a third party patent or copyright. Tencent will have sole control of the defense or settlement negotiations, and Tencent agrees to pay, subject to the limitations set forth in these Terms, any final judgment entered against you and any amounts agreed to in settlement by Tencent as a result of such infringement in any Claim defended by Tencent; provided that you provide Tencent with: (i) prompt written notice of the Claim; (ii) sole control over the defense and settlement of the Claim; and (iii) all reasonably requested information and assistance, at Tencent’s expense, to settle or defend the Claim.

    ​ (ii) In the event that any Claim is brought or, in Tencent’s opinion, likely to be brought, Tencent may, at its sole option and expense: (i) procure for you the right to continue to use the applicable Service; (ii) modify the Service, or replace the Service with non-infringing software or services that do not materially impair the functionality of the Service; or (iii) if neither of the foregoing is feasible on commercially reasonable terms, terminate these Terms and refund on a pro-rata basis any fees prepaid by you to Tencent for the applicable Service.

    ​ (iii) Tencent will have no obligation to you under this Section 11(d) to the extent a Claim arises from: (i) your breach of these Terms; (ii) User Data; (iii) use of the Software or Services in combination with any products, services, data, software, hardware or business processes not provided by Tencent, if the alleged infringement is based on that combination; (iv) use of non-current or unsupported versions of the Services; (v) modifications to the Software or Services by anyone other than Tencent or its Affiliates; or (vi) liability arising from your or any End User’s use of the Services after Tencent has notified you to discontinue such use.

    ​ (iv) THIS SECTION 11 STATES THE ENTIRE LIABILITY OF TENCENT, AND YOUR SOLE AND EXCLUSIVE REMEDY, WITH RESPECT TO ANY CLAIM OF INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS WITH RESPECT TO THE SERVICES.

    (e) Your Indemnification. You will defend or, at your option, settle any Claims brought against Tencent, its Affiliates, and each of their respective licensors, employees, officers and directors, to the extent they are based upon or arise out of: (a) any allegation that any Application or User Data infringes or misappropriates the Intellectual Property Rights of any third party; (b) your, or your End Users’, use of the Services in a way that would be a violation of the these Terms, including the Additional Terms; or (c) a dispute between you and an End User; provided that Tencent or its Affiliates may participate in the defense and settlement negotiations using counsel of their choice, at Tencent’s or its Affiliates’ expense, and any settlement requiring Tencent or its Affiliates or their employees or agents to admit liability, pay money, or take or refrain from taking any action will require Tencent’s or the Affiliate’s prior written consent, not to be unreasonably withheld, conditioned, or delayed. You agree to pay any final judgment entered against Tencent or its Affiliates or their employees or agents, and any amounts you agree to in a settlement, as a result of those Claims. Tencent will provide you with: (a) prompt written notice of any Claims; and (b) any available information and assistance, at your expense, to settle or defend the Claim.

    (f) Independent Allocations of Risk. EACH PROVISION OF THESE TERMS THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS INTENDED TO ALLOCATE THE RISKS OF THESE TERMS BETWEEN YOU AND TENCENT. THIS ALLOCATION IS REFLECTED IN THE FEES CHARGED BY TENCENT TO YOU AND IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN YOU AND TENCENT. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THESE TERMS, AND EACH OF THESE PROVISIONS WILL APPLY EVEN IF THE LIMITED REMEDIES IN THESE TERMS HAVE FAILED OF THEIR ESSENTIAL PURPOSE.

    12. EXPORT CONTROL

    (a)Your Status. Neither you, nor any of your officers, directors, shareholders, agents or employees, are:

    ​ (i) listed in any list of designated persons maintained by the United States (including, without limitation, the list of “Specially Designated Nationals” as maintained by the Office of Foreign Assets Control of the U.S. Treasury Department, the United Nations Security Council, the United Kingdom (including the Consolidated List of Financial Sanctions Targets as maintained by Her Majesty’s Treasury), the European Union and any Member State thereof (including the Consolidated List of Persons, Groups and Entities Subject to Financial Sanctions), or any other list of sanctioned persons maintained by an authority with jurisdiction over you (any person so listed being a “Restricted Person”);

    ​ (ii) organized in, operating from or resident in a country or territory that is the target of comprehensive sanctions (as of the date of this Agreement, Iran, Cuba, North Korea, Syria and the Crimea/Sevastopol region (“Sanctioned Territories”)); or

    ​ (iii) controlled or owned by 50 percent or more by any of the foregoing.

    (b) Sanctions Event. If you become a Restricted Person or controlled or owned by 50% or more by a Restricted Person or if provision of the Services becomes otherwise restricted or prohibited as a consequence of the imposition of sanctions or by operation of export control laws or regulations (a “Sanctions Event”), Tencent shall not be obliged to perform any of its obligations or provide Services and shall be entitled to terminate these Terms with immediate effect.

    (c) Export Compliance. In connection with the Services, you will comply with all applicable import, re-import, sanctions, anti-boycott, export, and re-export control laws and regulations, including U.S. or EU restrictions that prohibit or restrict the export, reexport or transfer of products, technology, services or data – directly or indirectly – to or for Sanctioned Territories, Restricted Persons, or other relevant end-users (collectively, “Export Laws”). You agree not to engage in any activities in connection with the Services that would risk placing Tencent in breach of any Export Laws and are solely responsible for compliance with Export Laws related to the manner in which you choose to use the Service, including: (a) your transfer and processing of User Data; (b) the provision of User Data to End Users; and (c) specifying the Service Region in which any of the foregoing occur.

    13. GENERAL

    (a) Independent Contractors. The relationship of the parties established by these Terms is that of independent contractors, and nothing contained in these Terms should be construed to give either party the power to (a) act as an agent or (b) direct or control the day-to-day activities of the other. Financial and other obligations associated with each party’s business are the sole responsibility of that party.

    (b) Non-Assignability and Binding Effect. Neither party may assign or otherwise transfer, by operation of law or otherwise, its rights or obligations under these Terms without the prior written consent of the other party, except Tencent may freely assign or otherwise transfer these Terms without your consent: (a) in connection with a merger, acquisition or sale of all or substantially all of Tencent’s assets; or (b) to any Affiliate or as part of a corporate reorganization. Any attempted assignment or transfer in violation of the foregoing restriction will be void. Subject to the foregoing, these Terms will be binding upon and inure to the benefit of the parties and their successors and permitted assigns.

    (c) Consent to Electronic Communications. By using the Services, you consent to receiving certain electronic communications from us as further described in our Privacy Policy. Please read our Privacy Policy to learn more about our electronic communications practices. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically, whether by e-mail, through the Services Platform, or otherwise, will satisfy any legal communication requirements, including that those communications be in writing.

    (d) Force Majeure. If the performance of these Terms is delayed or either party breaches these Terms due to an event of force majeure, including but not limited to natural disasters, acts of government, promulgation or change of policies, promulgation or change of laws and regulations, strikes and unrest, neither party will be liable for the breach (except for Customer’s payment obligations hereunder), provided that the affected party will notify the other party as soon as practicable. If an event of force majeure prevents the performance of these Terms for more than 30 calendar days, either party may terminate these Terms, without assuming any liability, by giving 15 days' advance written notice to the other party.

    (e) Governing Law and Dispute Resolution. Except as provided in the North America Terms, EEA Consumer Terms, and Germany Terms below, any claims for equitable relief may be brought any court of competent jurisdiction even if the parties have chosen an exclusive venue below. These Terms are governed by the jurisdiction set forth in Section 3. Unless the North America Terms, EEA Consumer Terms, PRC Terms, and Germany Terms specify otherwise, all claims arising out of or relating to these Terms or the Services, will be resolved by arbitration administered by the Singapore International Arbitration Centre in accordance with the Arbitration Rules of the Singapore International Arbitration Centre in force when the notice of arbitration is submitted. The seat of the arbitration will be Singapore and the language will be English. All proceedings will be confidential and there will be one arbitrator only.

    (f) Waiver and Severability. The waiver by either party of any breach of these Terms does not waive any other breach. Neither party will be treated as having waived any rights by not exercising (or delaying the exercise of) any rights under these Terms. If any part of these Terms is unenforceable, the remaining portions of these Terms will remain in full force and effect.

    (g) No Third-Party Beneficiaries. These Terms are not intended to confer any benefits on any third party except to the extent that it expressly states that it does. End Users are not a third party beneficiaries to these Terms.

    (h) Entire Agreement. These Terms and the Additional Terms are the final and complete expression of all agreements between you and Tencent regarding their subject matter and supersede all prior oral and written agreements regarding these matters. The Additional Terms referred to in these Terms are incorporated by this reference. In the event of any conflict between the terms of the main terms and conditions of these Terms and the Additional Terms, these main terms and conditions will control, followed by the Additional Terms. However, the terms and conditions of the PRC Service Region Terms, the North America Terms, the EEA Consumer Terms, or the Germany Terms will control, if applicable.

    (i) Modification of these Terms. Tencent may amend these Terms, including the Additional Terms, from time to time by posting updated versions to the Tencent Cloud site. Updated versions will be effective no earlier than the date of posting. Tencent will use reasonable efforts to notify you of the changes, but you are responsible for periodically checking these Terms and the Additional Terms for any modifications. Your continued use of the Services constitutes your acceptance of any amended Terms. Amended Terms are not applicable retroactively.

    TENCENT CLOUD PRC SERVICE REGION TERMS

    To the extent you wish to receive Services under the Tencent Cloud Terms of Service (“Terms”) for which the PRC is the Service Region, such Services shall be subject to the terms of these PRC Service Region Terms. Any terms used but not defined in these PRC Service Region Terms have the meaning given to them in the Terms.

    1. Prohibited Conduct. When using Services in the PRC, you must comply with all applicable laws, regulations, rules and policies, and safeguard internet security. You must not engage in, or facilitate, any activities that constitute a violation of laws and regulations, including but not limited to:

    (a) activities that: jeopardize national security, reputation or interests; incite subversion of state power; overthrow the socialist system; incite division of state and sabotage national unity; advocate terrorism or extremism; incite ethnic hatred or discrimination;

    (b) deceptive, false or misleading practices, or practices that infringe the intellectual property rights or legitimate rights and interests of others, such as using "private servers" or "plug-ins";

    (c) the posting or dissemination of spam or unlawful content that disrupt national order, jeopardize national security, or advocate feudal superstitions, obscenity, pornography or vulgarity;

    (d) violation of operating rules relating to networks, devices or services linked to the Tencent Cloud network; unlawful or unauthorized access, misappropriation, interference or surveillance;

    (e) any actual or attempted sabotage of network security, including but not limited to performing malicious scanning of websites and servers, hacking into a system, or unlawfully accessing data by using viruses, Trojans or malicious codes, phishing and so forth;

    (f) any actual or attempted modification of system configuration set by Tencent or any actual or attempted sabotage of system security; using technological means to undermine or disrupt the operation or others' use of the Services; any actual or attempted disruption of the normal operation of any products of Tencent or any part or functions thereof in any way, or the production, posting or dissemination of such tools or methods;

    (g) you being frequently attacked (including but not limited to DDoS attacks) as a result of the provision of services, including but not limited to "DNS resolution", "security services", "domain name proxy" and "reverse proxy", and failing to correct your practices in a timely manner, or failing to eliminate the effects as requested by Tencent, thereby causing an impact on the Services platform or on others;

    (h) other illegal or non-compliant practices, including but not limited to illegal activities such as gambling.

    2. Your Information.

    (a) You shall provide truthful, legitimate and valid information (the "Information") in accordance with the registration procedures for the Services, including but not limited to your name, contact, email, telephone, mailing address, industrial and commercial registration documents and so forth. If any change occurs to the Information, you shall promptly notify Tencent of such change.

    (b) To ensure account and transaction security, Tencent shall be entitled to require you to carry out real-name authentication at any time, and you shall cooperate accordingly. You agree that Tencent Cloud may authenticate your Information with third parties, and you authorize Tencent to obtain all necessary information relating to your use of the services.

    (c) In order to reasonably protect your interests and those of your users and other right holders, Tencent shall be entitled to put in place processes and systems specifically devoted to dealing with infringement and complaints, and you shall comply with such processes and systems. If Tencent receives a complaint or report from a third party against you, Tencent shall be entitled to disclose your information (including but not limited to your registered name, identification, contacts, telephone number and so forth) to the complainant as necessary and urge you to consult with the complainant, with a view to promptly resolving such complaint or dispute and protecting the legitimate rights and interests of all parties concerned. You shall extend your cooperation; failure to do so may affect your use of the Services.

    3. Security.You will not install or use any pirated software on the Services, and must take security measures to protect your computer information systems as required under applicable PRC rules, including but not limited to installing any required State-approved security products specifically designed for computer information systems.

    4. Remedies. If Tencent discovers, on its own or based on information provided by the competent authorities or complaints filed by rights holders, that you have violated applicable laws, regulations or rules, or breached the Terms, including these PRC Service Region Terms, Tencent will be entitled to take any one or more of the following steps at its own discretion:

    (a) demanding that you immediately remove or modify the content in question;

    (b) directly removing or blocking the content in question or disabling the links in question;

    (c) restricting or suspending the provision of the Services to you (including but not limited to directly taking your services offline and withdrawing the relevant resources or setting restrictions on your operations under your Account(s));

    (d) in case of serious violations or breaches, Tencent will have the right to terminate the provision of Services to you and terminate the Terms (including but not limited to directly taking all of your services offline and withdrawing the relevant resources). The fees already paid by you for any unused service period will be credited to Tencent as liquidated damages;

    (e) pursuing other liabilities against you in accordance with law.

    5. Cooperation with Authorities. Tencent will be entitled to cooperate with any inquiry made by the judicial authorities, administrative authorities or other competent authorities of the PRC, and provide the information, so as to resolve complaints and disputes in timely manner and protect the legitimate rights and interests of all parties concerned.

    6. Governing Law. The provisions of Section 13(e) and the provisions of Section 3 concerning governing law of the Terms are hereby deleted and restated as follows:

    The formation, effectiveness, performance and interpretation of, and dispute resolution in relation to, these Terms will be governed by the laws of the PRC (excluding the conflicts of law provisions). In the event of any dispute arising out of these Terms, the parties will first attempt to resolve the dispute through consultations; if the parties fail to resolve the dispute through consultations in good faith, either party may refer the dispute or conflict to a People's Court in Nanshan District, Shenzhen.

    TENCENT CLOUD NORTH AMERICA TERMS

    To the extent you wish to receive Services under the Tencent Cloud Terms of Service (“Terms”) and the country specified in your registered billing information is in North America, you shall be subject to the terms of these North America Terms. Any terms used but not defined in these North America Terms have the meaning given to them in the Terms.

    1. Dispute Resolution and Arbitration

    (a) Except for the right of either party to apply to any court of competent jurisdiction for a temporary restraining order, a preliminary injunction, or other equitable relief to preserve the status quo or prevent irreparable harm, any dispute, controversy or claim arising in any way out of or in connection with the Terms, including the existence, validity, interpretation, performance, breach or termination of the Terms, or any dispute regarding pre-contractual or non-contractual rights or obligations arising out of or relating to it (“Dispute”) will be referred to and finally resolved by binding arbitration. Arbitration is less formal than a lawsuit in court. Arbitration uses a neutral arbitrator instead of a judge or jury, may allow for more limited discovery than in court, and can be subject to very limited review by courts. Arbitrators can award the same damages and relief that a court can award. This agreement to arbitrate disputes includes all claims arising out of or relating to any aspect of these Terms, whether based in contract, tort, statute, fraud, misrepresentation, or any other legal theory, and regardless of whether a claim arises during or after the termination of these Terms. YOU UNDERSTAND AND AGREE THAT, BY ENTERING INTO THESE TERMS, YOU AND TENCENT ARE EACH WAIVING THE RIGHT TO A TRIAL BY JURY OR TO PARTICIPATE IN A CLASS ACTION.

    (b) Any arbitration between you and Tencent will be administered by the American Arbitration Association (“AAA”) under its rules in force when the Notice of Arbitration is submitted in accordance with those Rules (“Rules”), which Rules are deemed to be incorporated by reference into this clause and as may be amended by the rest of this clause. The Rules and filing forms are available online at www.adr.org or by calling the AAA at 1-800-778-7879. The Federal Arbitration Act and federal arbitration law apply to the Terms. All arbitration proceedings between the parties will be confidential unless otherwise agreed by the parties in writing.

    (c) Tencent will reimburse you for your payment of the filing fee, unless your claim is for more than $10,000, in which case the payment of any fees will be decided by the Rules. Any arbitration hearing will take place at a location to be agreed upon in Santa Clara County, California, but if the claim is for $10,000 or less, you may choose whether the arbitration will be conducted: (a) solely on the basis of documents submitted to the arbitrator; (b) through a non-appearance based telephone hearing; or (c) by an in-person hearing as established by the Rules in the county (or parish) of your billing address. The arbitration tribunal will consist of three arbitrators to be appointed in accordance with the Rules. Arbitration will be conducted in English. Judgment upon the award rendered by the arbitrators may be entered in any court of competent jurisdiction.

    (d) YOU AND TENCENT AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. Further, unless both you and Tencent agree otherwise, the arbitrator may not consolidate more than one person’s claims, and may not otherwise preside over any form of a representative or class proceeding.

    2. Third Party Connectivity Services

    The Services provided to you may include broadband data connectivity services that connect your location(s) to Tencent Cloud (the “Third Party Connectivity Services”). Tencent acts as a network manager and obtains the Third Party Connectivity Services on your behalf as an element of the Services you receive. The Third Party Connectivity Services are provided by one or more broadband service provider(s) subject to the terms and conditions of such provider(s). The Third Party Connectivity Services are subject to certain performance limitations that impact your use of the same. You may contact Tencent at cloudlegalnotices@tencent.com to obtain additional information about the Third Party Connectivity Services that are being used as an element of your Services, including the provider(s)’ network practices, performance characteristics, and applicable commercial terms. Tencent passes through any costs for the Third Party Connectivity Services from the provider(s) to you and may charge a network manager fee as part of the Services offered.

    TENCENT CLOUD EUROPEAN ECONOMIC AREA AND SWITZERLAND (“EEA”) CONSUMER TERMS

    If you are not a business user and you are purchasing the Services for personal use, to the extent you wish to receive Services under the Tencent Cloud Terms of Service (“Terms”) and the country specified in your registered billing information is in the EEA, such Services shall be subject to the terms of these EEA Consumer Terms. Any terms used but not defined in these EEA Consumer Terms have the meaning given to them in the Terms.

    1. Governing Law

    These terms shall be governed by English law, except that (if you are a consumer and not a business user) and if you live in a country (which, for these purposes, includes Scotland or Northern Ireland) of the European Union other than England, there may be certain mandatory applicable laws of your country which apply for your benefit and protection in addition to or instead of certain provisions of English law and those mandatory laws will apply.

    You agree that any dispute between you and us regarding these terms or the Services will only be dealt with by the English courts, except that if you are a consumer and not a business user) and if you live in a country (which, for these purposes, includes Scotland or Northern Ireland of the European Union other than England, you can choose to bring legal proceedings either in your country or in England, but if we bring legal proceedings, we may only do so in your country. If you are a consumer within the EEA, to the extent there is any conflict, this provision shall take precedence over any term in the front-end of these Terms.

    If you reside in EEA you may also have recourse to a mediation procedure body designated by us or an alternative dispute resolution process. The European Commission provides consumers with an online dispute settlement platform accessible at the following address: http://ec.europa.eu/consumers/odr/.

    2. Cancellation Right

    You normally have the right to cancel the Services within 14 days after the date the Services start being provided. However, you acknowledge that we start provision of the Services immediately following acceptance of your selection of the Services (which, by selecting the Service, you request us to do) and that you will have no right to change your mind and cancel under the Consumer Contracts Regulations once the Services have been fully carried out. If you cancel before the Services have been fully carried out (and within the 14-day period) then the charge you pay us (and which we will deduct from any refund otherwise due to you) will be proportionate to the Services that have been used by the time you cancel, and will not exceed our reasonable costs of providing the Services up until that point.

    To cancel the Services, you must clearly inform us, preferably:

    • by contacting customer service by submitting a work order through the console at https://console.intl.cloud.tencent.com/workorder/category, giving us your name, address, and account information; or

    Nothing in this section affects your legal rights.

    3. Our refunds policy

    If you cancel the Services within the 14-day cooling-off period (see above), we will process any refund due to you as soon as possible and, in any case, within 14 days after you notify us of cancellation.

    If you received any promotional or other discount when you paid, any refund will only reflect the amount you actually paid.

    Refunds are made using the same method originally used by you to pay for your purchase, unless agreed otherwise.

    4. Defective Services

    If any Services you order are defective (in other words, they do not comply with the requirements of these Terms), you may have one or more legal remedies available to you, depending on when you make us aware of the problem, in accordance with your legal rights. If you believe the Services are defective, you should inform us as soon as possible by contacting customer service by submitting a work order through the console at https://console.intl.cloud.tencent.com/workorder/category, giving your name, address and account information. Nothing in this section affects your legal rights.

    5. France Specific Terms

    If you are a consumer residing in France, please note that the exclusion and limitation of liability provisions included in Sections 11(a) and 11(b) of the Terms above, will not apply to you.

    TENCENT CLOUD GERMANY TERMS

    To the extent you wish to receive Services under the Tencent Cloud Terms of Service (“Terms”) and the country specified in your registered billing information is in Germany, you shall be subject to the terms of these Germany Terms, which prevail over the general Tencent Cloud Terms of Service in case of any contradictions. Any Terms used but not defined in these Germany Terms have the meaning given to them in the Terms.

    1. Privacy Policy. Our Privacy Policy does not form part of the Terms. It only serves for informational purposes and provides information on how we process personal data within the scope of the Services.

    2. Changes to the Service and/or the Terms. We reserve the right to change the Service and/or the Terms. We will notify you of the changed conditions by email at least six (6) weeks before their effective date and will indicate the intended application of these new Terms. If you do not object to the application of the new Terms within this period of time or if you continue to use the Services after the changed Terms have entered into force, the new Terms will be considered to have been accepted. We will notify you of the importance of the six (6) week period, the right to object, and the legal consequences of silence. If you do not accept the new Service and/or Terms, which are essential for the continued provision of our Services, we may terminate out contractual relationship with you.

    3. Third Party Software. No terms and conditions applicable to Third Party Software form part of the Terms. You are not bound by any terms and conditions applicable to Third Party Software by these Terms.

    4. Limitation of Liability, Indemnification. Notwithstanding Section 11 of the Tencent Cloud Terms of Service, the following applies to you:

    (a) For damages with respect to injury to health, body or life caused by Tencent, Tencent’s representatives or Tencent’s agents in the performance of the contractual obligations, we are fully liable.

    (b) Tencent is fully liable for damages caused wilfully or by gross negligence by Tencent, Tencent’s representatives or Tencent’s agents in the performance of the contractual obligations. The same applies to damages which result from the absence of a quality which was guaranteed by Tencent or to damages which result from malicious action.

    (c) If damages, except for such cases covered by Sections 4(a), 4(b) or 4(d), with respect to a breach of a contractual core duty are caused by slight negligence, Tencent is liable only for the amount of the total fees that you have paid to Tencent under these terms in the twelve (12) months immediately preceding the date that event giving rise to the liability first occurred. Contractual core duties, generally, are such duties whose accomplishment enables proper performance of an agreement in the first place and whose performance a contractual party regularly may rely on.

    (d) Tencent’s liability based on the German Product Liability Act remains unaffected.

    (e) Any further liability of Tencent is excluded.

    (f) The limitation period for claims for damages against Tencent expires after one (1) year, except for such cases covered by sections 4(a), 4(b), or 4(d).

    5. Inapplicable Clauses. The following Section of the Tencent Cloud Terms of Service do not apply to you: Section 9(b)(iv), Section 9(d), Section 10, and Section 12(g).

    6. Consentto Electronic Communications. Notwithstanding Section 12(c) of the Tencent Cloud Terms of Service, we will ask you for a separate consent to receiving certain electronic communications from us.

    7. Termand Termination. Irrespective of Section 9 of the Tencent Cloud Terms of Service, Tencent may terminate the Terms at any time and for any and no reason upon providing to you 30 days’ written notice.

    8. Governing Law. Notwithstanding Section 3(a) of the Tencent Cloud Terms of Service, if you use our Services as a consumer, the governing law that applies to the Terms is German law.

    TENCENT CLOUD SOUTH KOREA TERMS

    To the extent you wish to receive Services under the Tencent Cloud Terms of Service (“Terms”) and the country specified in your registered billing information is South Korea, you shall be subject to the terms of these South Korea Terms, which prevail over the general Tencent Cloud Terms of Service in case of any conflict or inconsistency. Any terms used but not defined in these South Korea Terms have the meaning given to them in the Terms.

    1. Eligibility
    Section 2 concerning eligibility of Terms is hereby restated as follows:
    You must be at least 19 years old to use the Services. By agreeing to these Terms (including South Korea Terms, hereinafter the same), you represent and warrant to us that: (a) you are at least 19 years old; (b) you have not previously been suspended or removed from the Services; and (c) your registration and your use of the Services is in compliance with any and all applicable laws and regulations. If you are an entity, organization or company, the individual accepting these Terms on your behalf represents and warrants that they have authority to bind you to these Terms and you agree to be bound by these Terms.

    2. Changes on Services or Fees
    If Tencent changes the Services or Fees, Tencent will specify the reason for the change, the content of the Services or Fees to be changed, and the date of provision, etc., and post such information on the initial screen of the Service at least 7 days prior to the date of implementation of such change. However, if the change in Service or Fees is unfavorable or material to you, we will notify you at least 30 days in advance and obtain consent from you with respect to the change.

    3. Cancellation

    (a) If you are an end-user of the Services and a consumer under Act on the Consumer Protection in Electronic Commerce, etc., you may cancel the Services within 7 days after the date of commencement of the Services. However, notwithstanding the above, if the contents of the Services are different from the contents displayed or advertised by Tencent, or if the contents are performed differently from contents specified in the Terms and other agreements related to the Services, you may cancel the Services within three months after the date of commencement of the Services, or within 30 days after the date you knew or could have known such fact.

    (b) You may not cancel the Services against Tencent’s intention if the Services that Tencent has provided are temporary or with only partial functions.

    (c) in order to cancel the Services, you must clearly inform us, preferably by contacting customer service by submitting a work order through the console at https://console.intl.cloud.tencent.com/workorder/category, giving us your name, address, and account information.

    (d) Cancellation will take effect from the date of sending your intention to cancel.

    (e) If you cancel, Tencent will delete and terminate your Service without delay and refund Fees within 3 days after the date of deletion/termination.

    (f) In the event that Tencent delays the refund in paragraph (e), Tencent will pay you the delayed interest calculated by multiplying the delayed period by the interest rate prescribed by the Act on the Consumer Protection in Electronic Commerce, Etc. and the Enforcement Decree.

    (g) Tencent will request the business operator who provided the Payment Method used to pay the Fees to suspend or cancel the charge for the Fees without delay. However, if Tencent has already received Fees from the payment company, it will be refunded to the payment company and notify to you.

    (h) If you have used some of the Services, Tencent is entitled to make a claim against you for an amount equivalent to the benefits you have obtained by using the Services or the cost of supplying the Services for you.

    (i) Tencent may not claim a penalty or compensation for damages on the grounds of cancellation.

    4. Modification of the Terms
    If Tencent intends to amend the Terms, Tencent will post the updated version on the Tencent Cloud website. Updated versions will be effective no earlier than 7 days after the date of posting. Your continued use of the Services after the effective date of the updated Terms constitutes your acceptance of any amended Terms. However, if the modification in the Terms is unfavorable or material to you, we will notify you at least 30 days in advance and obtain consent from you with respect to the modification.

    5. Governing Law
    Notwithstanding Section 3(a) of the Terms, if you use our Services as an end-user or consumer, the governing law that applies to the Terms will be Korean Law.

    Privacy Policy

    Last updated: 2021-09-07 17:47:27

    SUMMARY

    What type of personal information do we collect?

    We collect information regarding your use and purchase of our Services and your interactions with Tencent. You also provide information when you make an enquiry on our website or register to use our Services. Examples include your name and contact details. If you are the administrator of the account, you have the ability to provide access rights to other persons by including their email address in the service console. For information that you provide to us to set up your account, and that we collect and generate in managing your Services, we act as the controller. For information that you store using the Services (for example, content that you upload to store on our servers), we act as a processor. See below at The Types of Personal Information we Collect and Process for more information.

    How will we use the collected personal information?

    We will use the collected information to create and verify your account, enable password change, process payments, and to communicate with you. See below at How we use Your Personal Information for more information.

    Who do we share the collected personal information with?

    We share your information with our third party service providers, related group companies and as required by law. See below at How we share and store your Personal Information for more information.

    Where do we process the collected personal information?

    Our servers may be located outside of the country you are located, for example in Mainland China. See below at How we share and store your Personal Information for more information.

    How long do we hold on to the collected personal information?

    Your information is retained so long as your account exists. After which, the information is deleted within a set time period, depending upon the type of personal information. See below at Data Retention for more information.

    How do I exercise my rights over my information?

    You may have special rights over your information and how we can use it. These include how you can access the information, erasing the information, restricting how your information can be used, objecting to its use and getting a copy of your information. See below at Your Rights for more information.

    Dispute Resolution

    If you have any concerns or complaints, please contact us at cloudlegalnotices@tencent.com.See below at Contact & Complaints for more information.

    How will we notify you of changes?

    If there are any significant changes to this privacy policy, we will provide a notice on our website.See below at Updates & Changes for more information.

    Contact Information

    Data Controller (EEA, UK and Switzerland): Tencent Cloud Europe B.V.. Address: Atrium building, 8th floor, Strawinskylaan 3127, 1077 ZX Amsterdam, the Netherlands.

    Data Controller (Outside EEA, UK and Switzerland): The entity you have contracted with, as set out in the Terms of Service.

    Data Protection Officer: Please email cloudlegalnotices@tencent.com.

    Jurisdiction-Specific Addenda

    Additional provisions with respect to certain jurisdictions are included in the addenda to this privacy policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and this privacy policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only. Unless otherwise provided in a relevant addendum, the provisions of this privacy policy apply to such territory in addition to the specific provisions of such addendum and are not amended except as specifically stated in such addendum.

    Modules

    The Modules set out below in the section Modules to this privacy policy shall apply and form part of this privacy policy if you use the specific Feature (as defined in each relevant Module). You acknowledge we will collect, process, use and store your personal information, as described in the applicable Module. See below at Modules for more information.

    INTRODUCTION

    When you use the Tencent Cloud website and cloud services (including https://tencentcloud.io and https://intl.cloud.tencent.com) ("Services"), you are agreeing to our rules and policies regarding your personal information and you expressly consent to us collecting, processing, using and storing your personal information, as described in this privacy policy.

    If you do not agree with this privacy policy, you must not use the Services.

    We hold personal information that you provide to us to set up and manage your account and the Services, and personal information generated in connection with your use of the Services ("Administrative Information"). We are the data controller of Administrative Information. This privacy policy informs you of your choices and our practices regarding your Administrative Information.

    We also hold data, including personal information, that you submit, upload, transmit or display using the Services ("Content") and we store this data solely in order to provide the Services. The terms relating to our storage of Content are set out in our Terms of Service and Data Processing and Security Addendum. You are the data controller of Content and questions about data handling processes from your users or third parties regarding Content should in the first instance be addressed to you. At all times, we act as a service provider to you, and process data on your behalf. You can extract your Content at any time.

    If you are located in the European Economic Area or Switzerland, the data controller of your personal information for the purposes of the General Data Protection Regulation is Tencent Cloud Europe B.V., a company registered in The Netherlands with its registered address at Atrium building, 8th floor, Strawinskylaan 3127, 1077 ZX Amsterdam, the Netherlands. If you are located outside the European Economic Area or Switzerland, the data controller of your personal information is the entity that you have contracted with, as set out in the Terms of Service. In each case, the relevant entity is referred to in this policy as "Tencent", "we" and "us".

    Our data protection officer can be contacted at cloudlegalnotices@tencent.com.

    SECTION 1: WHERE WE ARE A DATA CONTROLLER

    The Types of Personal Information We Collect and Process

    We will collect and use the following information about you:

    • Information you give us. You may give us information about you by making an enquiry about our Services, using our Services or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register for our Services (or for business customer, act as the company's business representative to register for Services), such as your name, username, email address, photo ID, credit card information, telephone number and other information that helps us register you to use our Services.

    • Information we collect about you when use our Services. We automatically collect certain information from you when you use our Services through the Tencent Cloud web portal, including IP address, User Agent and Device ID, and information regarding your use of our Services such as our log of your visits, site access requests, uploads and downloads.

    • Information that we obtain from a third party. Tencent Cloud allows administrators of the user account to determine access rights. In doing so, the administrator of your Services (which might be you) can include the email addresses of other persons who are to be given access to the Services under that account. If you are the administrator of the account, you acknowledge and undertake to us that you have the consent of the individual concerned to provide their email address for this purpose.

      We also collect and store your information each time you interact with Tencent, for example, when you communicate with us by email, activate new Services, or complete forms on our website. We also store information about the Services you purchase, such as the activation code, date of purchase, and information relating to any support issue.

    Cookies

    We use cookies and other similar technologies (e.g. web beacons, Flash cookies, etc.) ("Cookies") to enhance your experience using the Services. Cookies are small files which, when placed on your device, enable us to provide certain features and functionality.

    You have the option to permit installation of such Cookies or subsequently disable them. You may accept all Cookies, or instruct the web browser to provide notice at the time of installation of Cookies, or refuse to accept all Cookies by adjusting the relevant function in the web browser of your computer. However, in the event of your refusal to install Cookies, Tencent Cloud may be prevented from providing some of its Services available to you.

    For more information about the Cookies we use, please see our Cookies Policy

    Children

    Our Service is not intended for children. Children must not use the Service for any purpose. We will not knowingly allow anyone under 16 to register for our Services and/or provide any personal identification information. If you are under 16, please do not sign up to use our Services or provide any information about yourself through the Service.

    How We Use Your Personal Information

    We will use the information in the following ways and in accordance with the following legal bases:

    Personal Information Purpose of Use Legal Basis for Processing (only applicable for the EEA and UK)
    Location, Name, Email Address, IP Address, User Agent (or website browser), Device ID and Tencent Cloud ID, Address (including city and post code) (Mandatory) We use this information to:
    · create your Tencent Cloud account in accordance with your request;
    · allow for password resets;
    · provide you with user support; and
    · enforce our terms, conditions and policies.
    We process this information as it’s necessary for us to perform our contract with you to provide the Services.
    Mobile Number, Email Address (Mandatory) We use this information:
    · to verify your Tencent Cloud account;
    · for security protection (if you activate account verification, this will be used to send you SMS alerts and two-factor authentication codes when you modify account passwords, email addresses, etc.);
    · for product notifications;
    · for order confirmations; and
    · for service information (e.g. account balance information, and to communicate to you when your account balance is running low).
    It is in our legitimate interests to verify your identity and communicate with you about the Services.
    Photo ID (e.g., driver’s license or passport) Name and Address (Mandatory) If you elect to use servers located in the PRC (excluding Hong Kong (China), Macau (China) and Taiwan (China)) for the Services, we use your photo ID (or, where you are a corporate customer, corporate documentation) to ensure that your account is legally verified in accordance with local law. It is in our legitimate interests to process such data to ensure you are able to activate the service for use in jurisdictions where this is a legal requirement.
    Credit card information (card number, name, expiration date, security code) (Mandatory) We use your credit card information to process payments made by you for use of the Services. We process this information as it’s necessary for us to perform our contract with you to facilitate payment for the Services.
    Transaction Records (such as date and time of payment for services) (Mandatory) We provide access to your Transaction Records to allow you to see your transaction history. We process this information as it’s necessary for us to perform our contract with you to manage payments in respect of the Services.
    Log Data, Metadata, IP Address, User Tickets, User Agent, Date and Time of Access, each URL visit within the Tencent Cloud website whether direct or referred from third party website (Optional) We use this information for strategy and Service improvement and for analytics. It is in our legitimate interests to improve our strategy and Services.
    Customer Service Ticket/ Chat Content, IP Address, Tencent Cloud ID, incident details and response steps (Mandatory) We use this information to:
    · deal with your concerns and complaints about the Service; and
    · improve and administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to keep our Services safe and secure.
    It is in our legitimate interests to improve our Services and provide support in connection with the Services supplied to you.
    Log and Metadata in relation to incidents (Optional) We use this information in order to improve our Service and responses. It is in our legitimate interests to improve our Service and responses.
    Enquiry Data (data provided when you submit an enquiry via our website contact form or as part of a sales enquiry), including: your name, email, phone number, company name, business service, location, and details of your query (Mandatory) We use this information to respond to your request. It is in our legitimate interests to process this information as it is needed to respond to your request.
    Technical support enquiry data (data provided when you submit a technical support request), including your name, email, phone number, the type of your question, and details of your query (Mandatory) We use this information to respond to your request. It is in our legitimate interests to process this information as it is needed to respond to your request.
    Promotional Contact Data: Name, Email, Phone Number, Company Name, Business Service, Location and details of your query (Optional) We use this information to promote our products and services to you. We process this information with your consent. You can withdraw this consent at any time.
    Marketing Data: Name, Business Email, Phone Number, Company Name, Country/Region, Industry and Job Title (Mandatory) We use this information:
    · to reserve you a place on our online events and webinars
    · for product notifications; and
    · for order confirmations.
    We process this information with your consent. You can withdraw this consent at any time.
    Name, Email Address, Country Code, Phone Number, Company Name, Business Service, Inquiry (Mandatory) We use this information:
    · to process your application for the COVID-19 Cloud Resources Support Program;
    · to respond to requests for our products;
    · for product notifications; and
    · for order confirmations.
    We process this information pursuant to our contract with you to provide the support.

    How We Share and Store Your Personal Information

    We may share your personal information with selected third parties in and outside your country, including:

    • Third Parties where we use a third party service to: (a) process payments ; (b) provide customer support (including provision of a support database and ticketing); (c) send SMS service notification; or (d) provide other services, support, features or functionality as part of the Services, including those listed on our Third Parties page.

    • Related group companies, including the entities listed on our Third Parties page, with whom we share your personal information to operate our Services.

    To the extent data is transferred outside of the EEA or UK for processing (for example, to Mainland China), we rely on the European Commission's model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2001/497/EC (in the case of transfers to a controller) and Decision 2004/915/EC (in the case of transfers to a processor);

    • Law enforcement agencies, public authorities or other judicial bodies and organisations. We disclose information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

      • comply with a legal obligation, process or request;

      • enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof;

      • detect, prevent or otherwise address security, fraud or technical issues; or

      • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction); and

    • A third party that acquires all or substantially all of us or our business. We will disclose information to a third party in the event that we sell or buy any business or undergo a merger, in which case we will disclose your data to the prospective buyer of such business. We will also disclose information to a third party if we sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets.

    Tencent may provide links to other third party websites as a convenience to you (collectively, the "Third Party Websites"). Please exercise care when visiting any Third Party Websites. The Third Party Websites have separate and independent privacy policies, notices and terms of use which govern your use of such websites and their use of any information they collect. We recommend you read these policies carefully. Tencent disclaims all liability for personal information you provide to any Third Party Websites.

    The Security of Your Personal Information

    Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of the information transmitted to our site.

    Data Retention

    We will retain your personal information as described below (except if otherwise required to be retained by applicable law).

    Information Retention Period
    Location, Email Address, Password, IP Address, User Agent (or website browser), Device ID, Tencent Cloud ID, Verification Code, Mobile Number, Name, Address (including city and post code) Account data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
    Credit card information(card number, name, expiration date, security code) Account data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
    Transaction Records Payment data is held for as long as an account exists. Information is erased within ninety (90) days of the date the account is deleted.
    Photo ID (e.g, driver’s license or passport) Name and Address Account data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
    Log Data, Metadata, IP Address, User Agent, Date and Time of Access, each URL visit within the Tencent Cloud website whether direct or referred from third party website This data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
    Customer Service Ticket / Chat Content, IP Address, Tencent Cloud ID, incident details and response steps This data is held for so long as an account exists. Information is erased within twenty-four (24) hours of the date the account is deleted.
    Log and Metadata in relation to incidents This data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
    Enquiry Data (data provided when you submit an enquiry via our website contact form or as part of a sales enquiry, including your name, email, company name, business service, phone number and location) Enquiry data is held until an enquiry is resolved, and then erased within one hundred and eighty (180) days of such resolution, unless you agree to have this data retained and receive more information in the future.
    Technical support enquiry data Technical support enquiry data is held until an enquiry is resolved, and then erased within one hundred and eighty (180) days of such resolution, unless you agree to have this data retained and receive more information in the future.
    Promotional Contact Data: Name, Email and Phone Number Such data is held until you tell us that you no longer wish to receive promotional information.
    Marketing Data: Name, Business Email, Phone Number, Company Name, Country, Industry and Job Title. Such data is held until you tell us that you no longer wish to receive promotional information.
    Name, Email Address, Country Code, Phone Number, Company Name, Business Service, Inquiry. This data is held for so long as the COVID-19 Cloud Resources Support Program operates. Information is erased within ninety (90) days of the date the COVID-19 Cloud Resources Support Program ends.

    Personal information, which has fulfilled the purpose for which it was collected or used, and has reached the period of time during which personal information was to be possessed, will be destroyed in an irreversible way. Personal information stored in electronic files will be deleted safely in an irreversible manner by using technical methods, and printed information will be destroyed by shredding or incinerating such information.

    In the event that the processing and retention period have terminated, but personal information is required to be retained continuously for other reasons including for the purposes as prescribed under applicable laws, the relevant personal information will be stored and maintained separately from other types of personal information.

    Your Rights

    This section ("Your Rights") applies to users who are located in the European Economic Area. The sub-section entitled "Access, Correction & Deletion" also applies to users who are located in Japan and Korea and Macau Special Administrative Region..

    You have certain rights in relation to the personal information we hold about you. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances) unless otherwise permitted by the applicable legislation. To exercise any of your rights, please complete the request form here

    Access, Correction & Deletion

    You can access, correct and delete some of your data in the account portal at any time here. If you believe there is any other personal information we process about you, or you are unable to correct or delete inaccurate information, you can make a request here. You may also have the right to receive a copy of certain personal information (see Portability below).

    Please note, however, that we may retain personal information if there are valid grounds under data protection laws for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

    Portability

    You have the right to receive a copy of certain personal information we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal information to another party. The relevant personal information is information you provided for the purposes of performing our contract with you (for example, your mobile number, email address, or transaction data). You can export your Content at any time.

    If you wish for us to transfer the personal information to a third party you can contact us using the form available here. Note that we can only do so where it is technically feasible.

    Restriction of Processing to Storage Only

    You have a right to require us to stop processing your personal information that we hold, other than for storage purposes, in certain circumstances. Please note, however, that if we stop processing the personal information, we may use it again if there are valid grounds under data protection laws for us to do so (e.g., for the defence of legal claims or for another's protection).

    Objection

    You have the right to object to our processing of your personal information under certain circumstances (such as where that information is used with your consent, for example for marketing or profiling) by completing the form here.

    Communications from Us

    If you have opted-in to the receipt of direct marketing from us, we may send you news and offers from time to time, for example; to reserve you a place on our webinars. You can opt-out anytime by contacting us at: cloudlegalnotices@tencent.com.

    We may from time to time send you service-related announcements when we consider it necessary to do so (such as when we temporarily suspend Tencent Cloud for maintenance, or security, privacy or administrative-related communications). You may not opt-out of these service-related announcements, which are not promotional in nature.

    Contact & Complaints

    Questions, comments and requests regarding this policy are welcomed and should be addressed to our Privacy Officer at cloudlegalnotices@tencent.com.

    In the event that you wish to make a complaint about how we process your personal information, please contact our Privacy Officer in the first instance at cloudlegalnotices@tencent.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.

    Updates & Changes

    If we make any material changes to this policy, we will post the updated policy here and provide a notice on our website. Please check this page frequently to see any updates or changes to this policy.

    JURISDICTION-SPECIFIC ADDENDA

    SOUTH KOREA

    Last updated: 12 / 07 / 2020

    This Addendum to the Tencent Cloud Privacy Policy (the "Addendum") is to address matters that are necessary to process your personal information in compliance with the Act on Promotion of Information and Communications Network Utilization and Information Protection Etc. (the "Network Act") and the Personal Information Protection Act (the "PIPA") of Korea. Please refer Tencent Cloud Privacy Policy for more details on the conditions of using the Services.

    How We Share and Store Your Personal Information

    a. We delegate the processing of your personal information as described below, and the delegatees may process your personal information according to the purpose of the delegation:

    Delegatee Delegated Tasks
    Adyen Singapore Pte Ltd. Payment processing and risk management
    Image Frame Investment (HK) Limited SMS Sending
    Tencent Computing (Beijing) Co., Ltd. Providing back-end support

    Overseas Transfer of Personal Information

    We transfer Personal Information to third parties overseas as follows:

    Recipient (Contact Information of
    Information Manager)
    Country to which Your Personal Information is to be Transferred Date and Method of Transfer Types of Your Personal Information to be Transferred Purposes of Use by Recipients Period of Retention Use by Recipient
    Adyen Singapore Pte Ltd.
    dpo@adyen.com
    Singapore Encrypted transmission Credit card number, name, valid period, CVV, address Payment processor and risk management 7 years
    Frensworkz Software Technology Co., Limited
    support@frensworkz.com
    PRC Online transmission
  • First and last name
  • Title
  • Role
  • Position
  • Industry
  • Employer
  • Contact information (company, department, role, email, phone, QQ number, physical mail address, website)
  • Account, account name, account remark name
  • ID data
  • Billing address, billing country, billing street, billing city, billing state/province, billing zip/postal code
  • Aggregate implementing services Until completion of system support services by Frensworkz or for 20 months (whichever is earlier)
    Image Frame Investment (HK) Limited
    dataprotection@tencent.com
    Hong Kong Online transmission Mobile number, SMS content SMS Sending Account data is held for so long as an account exists. SMS messages are deleted 13 months after the SMS messages have been sent.
    Salesforce.com Singapore Pte. Ltd
    https://www.salesforce.com/
    ap/company/privacy/
    United States Online transmission
  • First and last name
  • Title
  • Role
  • Position
  • Industry
  • Employer
  • Contact information (company, department, role, email, phone, QQ number, physical mail address, website)
  • Account, account name, account remark name
  • ID data
  • Billing address, billing country, billing street, billing city, billing state/province, billing zip/postal code
  • Client relationship management Please refer to the retention periods set out in “Data Retention”, subject to termination of the contractual relationship between us and Salesforce, in which case data will be deleted within 300 days from termination.
    Tencent Computing (Beijing) Co., Ltd.
    meeting_info@tencent.com
    People’s Republic of China Online transmission upon account creation and payment Mandatory: Date of birth, name, mobile phone number, email address, location, address (including city and post code), credit card information, type of business, password Optional: Photo ID (e.g., driver’s license, passport or business license) name and address System operation and maintenance Account data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.

    Data Destruction

    Personal information, which has fulfilled the purpose for which it was collected or used, and has reached the period of time during which personal information was to be possessed, will be destroyed in an irreversible way. Personal information stored in electronic files will be deleted safely in an irreversible way by using technical methods, and printed information will be destroyed by shredding or incinerating such information.

    Your Rights of Data Subject and Methods to Exercise Such Rights

    You may exercise rights related to the protection of personal information by requesting access to your personal information or the correction, deletion or suspension of processing of your personal information, etc. in writing or via email, fax, phone, etc. pursuant to applicable laws such as the PIPA. You may also exercise these rights through your legal guardian or someone who has been authorized by you to exercise such rights. However, in this case, you must submit a power of attorney to us in accordance with the Enforcement Regulations of the PIPA. Upon your request, we will take necessary measures without delay in accordance with applicable laws such as the PIPA. You can also withdraw your consent or demand a suspension of the personal information processing at any time.

    Contact

    If you have any questions or comments about the Privacy Policy, if you need to report a problem, or if you would like us to update, amend, or request deletion of the information we have about you, please contact our Chief Privacy Officer (or department in charge of personal data protection) at:

    Department in Charge of Protection of Personal Information

    • Name of Department: Privacy and Data Protection Department

    • Person in Charge: Timothy Ma

    • E-mail: cloudlegalnotices@tencent.com

    Domestic Privacy Representative

    Pursuant to the Network Act and Article 39-11 of the amended PIPA, the information regarding the domestic agent is as follows:

    • Name: Tencent Korea Yuhan Hoesa

    • Address: 152, Taeheran-ro, Gangnam-gu (Gangnam Finance Center, Yeoksam-dong), Seoul, Korea

    • Telephone Number: +82-2185-0902

    • E-mail: cloudlegalnotices@tencent.com

    California

    The terms of this Addendum apply to residents of California under the California Consumer Privacy Act (“CCPA”) and other applicable laws. The CCPA provides California residents with certain legal rights such as access, deletion, disclosure, or “do not sell.” These rights are not absolute and are subject to certain exceptions.

    Collection and Disclosure of Personal Information

    Over the past 12 months, through your use of the Services, we may have collected and disclosed the following categories of personal information from or about consumers, as defined in the CCPA:

    • Identifiers, including name, email address, mobile number, IP address, device identifiers, Tencent Cloud ID, mailing address, government-issued identification, and verification codes transmitted to or from the device. This information is collected directly from the consumer or device.
    • Internet or other electronic network activity information, including the User Agent or website browser, log metadata associated with the consumer’s interactions with Tencent Cloud, and Tencent Cloud customer support incident details (as well as response steps associated with customer service tickets). This information is collected directly from the consumer or device.
    • Geolocation data, including location data derived from IP address provided directly to us from the device. The Wi-Fi access point data can be used to understand location data at a zip-code level, whereas the GPS information provided by the device can more precisely track the device’s current coordinates. This information is collected directly from the device.
    • Commercial information, including payment card information and transaction records (such as information about purchased Services, such as the activation code and date of purchase). This information is collected directly from the consumer or device.

    We collect personal information for the following purposes and as described in the applicable Module:

    • To operate and administer the Services;
    • To communicate with consumers;
    • To improve the Services;
    • For security and verification purposes, including to prevent and detect fraudulent activity; and
    • To address and remediate technical issues and bugs.

    For additional information about what each type of personal information is used for, see this chart in the main portion of the Privacy Policy.

    We disclose personal information to the following types of entities:

    • Our affiliate companies within our corporate group who process personal information in order to operate the Services
    • Other companies that provide services on our behalf who are prohibited by contract from retaining, using, or disclosing personal information for any purpose other than for providing the services to us
    • Regulators and judicial authorities and law enforcement agencies
    • Entities that acquire all or substantially all of our business

    In the past 12 months, we have not sold personal information of California residents within the meaning of “sold” in the CCPA.

    Rights under the CCPA
    If you are a California resident and the CCPA does not recognize an exemption that applies to you or your personal information, you have the right to:

    • Request we disclose to you free of charge the following information covering the 12 months preceding your request:
      • the categories of personal information about you that we collected;
      • the categories of sources from which the personal information was collected;
      • the purpose for collecting personal information about you;
      • the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
      • the specific pieces of personal information we collected about you;
    • Request we delete personal information we collected from you, unless CCPA recognizes an exemption; and
    • Be free from unlawful discrimination for exercising your rights including providing a different level or quality of services or deny goods or services to you when you exercise your rights under the CCPA.

    We aim to fulfill all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.

    How to Exercise Your Rights

    First, you may wish to log into your account and manage your data from there. If you are a California resident to whom the CCPA applies, you may exercise your rights, if any, to other data by contacting us at cloudlegalnotices@tencent.com.

    BRAZIL

    This section applies to users located in Brazil:

    Consent Revocation

    Whenever we use your personal information based on your consent, you may revoke consent that you have previously given for the collection, use and disclosure of your personal information, subject to contractual or legal limitations. To revoke such consent, you may terminate your account or you can contact cloudlegalnotices@tencent.com. This may affect our provision of the Service to you.

    Parental and Guardian Consent

    If you are under the age of 18, you should not use the Service for any purpose without first obtaining parental/guardian agreement to this Privacy Policy (both for themselves and on your behalf). We do not knowingly collect personal information from any children under the age of 18 without such consent. Please contact our Data Protection Officer if you believe we have any personal information from any children under the age of 18 without such parental/guardian consent – we will promptly investigate (and remove) such personal information.

    CANADA

    In addition to the information provided in this section of the Privacy Policy, we may store your personal information in and outside of Canada, including in Singapore and Hong Kong.
    If you have: (i) any questions or comments about the Privacy Policy; (ii) would like to obtain written information about the Privacy Policy; (iii) if you need to report a problem; or (iv) if you would like us to update, amend, or request deletion of the information we have about you, please contact our Chief Privacy Officer (or department in charge of personal data protection) at cloudlegalnotices@tencent.com.

    EGYPT

    Please note that this service is only available to users above 18 years. If you are under this age, you are only eligible to use this service if you obtain parental or guardian consent.

    If you do not agree to the processing of your personal information in the way this Privacy Policy describes, please do not provide your information when requested and stop using the Services. Your use of the Services shall be deemed an express consent of the rules governing your personal information as described in this Privacy Policy.

    By proceeding with the sign up process, you acknowledge that you have read, understood, and consented to this Privacy Policy. If you do not consent to this Privacy Policy, you must not use the service.

    You are acknowledging your consent to the processing, storage, and cross-border transfer for your personal data. The cross border transfer may occur to any country in which we have databases or affiliates, including those outside of Egypt (see The Types of Personal Information we Collect and Process for more information).

    If you are a new user, you have seven days to inform us of any objection you may have to this Privacy Policy.

    As an Egyptian data subject, you have certain rights under the Egyptian Personal Data Protection Law.

    France

    Your Rights

    Instructions for the processing of your personal data after your death.

    You have the right to provide us with general or specific instructions for the retention, deletion, and communication of your personal data after your death.

    The specific instructions are only valid for the processing activities mentioned therein and the processing of these instructions is subject to your specific consent.

    You may amend or revoke your instructions at any time.

    You may designate a person responsible for the implementation of your instructions. This person will be informed of your instructions, in the event of your death, and be entitled to request their implementation from us. In the absence of designation or, unless otherwise provided for, in the event of the death of the designated person, their heirs will have the right to be informed of your instructions and to request their implementation from us.

    When you wish to make such instructions, please contact us at cloudlegalnotices@tencent.com .

    India

    Sensitive Personal Information

    Your Sensitive Personal Information shall mean passwords, financial information such as bank account or credit card or debit card or other payment instrument details, biometric data, physical or mental health, sex life or sexual orientation, and/ or medical records or history, and similar information, but does not include information available in the public domain, or provided under Indian laws, including the Right to Information Act, 2005.

    Sharing Of Your Sensitive Personal Information

    Where we permit any third parties to collect and use your Sensitive Personal Information, we shall take reasonable measures to ensure that the third parties do not further disclose the Sensitive Personal Information.

    Age Restrictions

    Children under the age of 18 are not allowed to execute online contracts with us or sign up for our services. Parental consent is required for children under the age of 18 years to avail our services.

    Withdrawal Of Consent

    To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities by contacting us at cloudlegalnotices@tencent.com. Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent we may not be able to deliver the expected service.

    INDONESIA

    Our Service is not intended for children. Children must not use the Service for any purpose. We will not knowingly allow anyone under 21 to register for our Services and/or provide any personal identification information. If you are under 21, please do not sign up to use our Services or provide any information about yourself through the Service.

    We will retain your personal information as described in the Tencent Cloud Privacy Policy and for a minimum of five years (except if otherwise required to be retained by applicable law).

    Japan

    Consent

    By clicking “accept”, you consent to the cross-border transfer of your information to any country where we have databases or affiliates, including outside of Japan.

    Your Rights

    You may request us to notify you about the purposes of use of, to disclose, to make any correction to, to discontinue the use or provision of, and/or to delete any and all of your personal information which is stored by us, to the extent provided by the Act on the Protection of Personal Information of Japan. When you wish to make such requests, please contact us at cloudlegalnotices@tencent.com.

    MALAYSIA

    If you wish to use the Service you will be required to provide your personal data. If you do not wish to supply your personal data you should stop using the Service.

    Language of this Privacy Policy

    In the event of any discrepancy or inconsistency between the English version and Bahasa Melayu version of this Privacy Policy, the English version shall prevail.

    Parental and Guardian Consent

    If you are under the age of 18, please do not use the Service.

    In the event you are agreeing to this Privacy Policy in order for a minor to access and use the Service, you hereby consent to the provision of personal information of the minor to be processed in accordance with this Privacy Policy and you personally accept and agree to be bound by the terms in this Privacy Policy. Further, you hereby agree to take responsibility for the actions of such minor, and that minor’s compliance with this Privacy Policy.

    Rights of Data Subjects

    Right of access: You have the right to request access to and obtain a copy of your personal information that we have collected and is being processed by or on behalf of us. We reserve the right to impose a fee for providing access to your personal information in the amounts as permitted under law.

    When handling a data access request, we are permitted to request for certain information to verify the identity of the requester to ensure that he/she is the person legally entitled to make the data access request.

    Right of correction: You may request for the correction of your personal information. When handling a data correction request, we are permitted to request for certain information to verify the identity of the requester to ensure that he/she is the person legally entitled to make the data correction request.

    Right to limit processing of your personal information: You may request to limit the processing of your personal information by using the contact details provided above. However this may affect our provision of the Service to you.

    Contact

    To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.

    • Our data protection officer, responsible for the management and safety of your personal information
      • Telephone: +603-22872388
      • Email: cloudlegalnotices@tencent.com.

    PHILIPPINES

    You must be at least 18 years of age to be able to use the Service.

    Changes

    We will not implement any material changes to the way we process your personal information, as described in the Privacy Policy, unless we have notified you and have obtained your consent to such material changes.

    Your Rights

    You are entitled to the following rights, to the extent provided by applicable laws:

    • Right to be informed. You have the right to be informed whether personal data pertaining to you shall be, is being, or have been processed, including the existence of automated decision-making and profiling.

    • Right to object. You shall have the right to object to the processing of your personal information, including processing for direct marketing, automated processing or profiling. When you object or withhold consent, we shall no longer process your personal data, unless the personal data is needed pursuant to a subpoena; the collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which you have bound yourself; or your personal information is being collected and processed as a result of a legal obligation.

    • Right to access. You have the right to reasonable access to, upon demand, the following:

      • contents of your personal information that were processed;
      • sources from which your personal information were obtained;
      • names and addresses of recipients of your personal information;
      • manner by which such data were processed;
      • reasons for the disclosure of the personal data to recipients, if any;
      • information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject;
      • date when the personal information concerning you were last accessed and modified; and
      • the designation, name or identity, and address of the personal information controller.
    • Right to rectification. You have the right to dispute the inaccuracy or error in the personal information and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information has been corrected, we shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof, provided that recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon your reasonable request.

    • Right to erasure or blocking. You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your personal information from our filing system.
      This right may be exercised upon your discovery and substantial proof of any of the following:

      • your personal data is incomplete, outdated, false, or unlawfully obtained;
      • your personal data is being used for purpose not authorized by you;
      • your personal data is no longer necessary for the purposes for which they were collected;
      • you withdraw consent or object to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
      • your personal data concerns private information that is prejudicial to you, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
      • the processing is unlawful;
      • we violated your rights.

    Consent

    By consenting to this Privacy Policy, you consent to us:

    • collecting and processing your personal information as described in the section “How We Use Your Personal Information”;
    • sharing your personal information with third parties, companies within our corporate group, and a third party that acquires substantially all or substantially all of us or our business, as described in this Privacy Policy and for the purposes stated herein; and
    • transferring or storing your personal information in destinations outside the Philippines when the processing shall need to occur outside the Philippines, as described in the section “How We Store and Share Your Personal Information”.

    SAUDI ARABIA

    You consent to the disclosure, transfer and export of your personal information outside of Saudi Arabia or any other jurisdiction in which you provided it.

    SINGAPORE

    We may store your personal information in and outside your country, including in Singapore. To the extent data is transferred outside of the EEA for processing (for example, to Mainland China and Singapore), we rely on the European Commission's model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2001/497/EC (in the case of transfers to a controller) and Decision 2004/915/EC (in the case of transfers to a processor).

    The paragraph entitled ‘Access, Correction and Deletion’ in the Privacy Policy is deleted and replaced with the following paragraph:

    You can access and correct some of your data in the account portal at any time. If you believe there is any other personal information we process about you, or you are unable to correct inaccurate information, you can make a request by contacting us at cloudlegalnotices@tencent.com. You may also have the right to receive a copy of certain personal information (see Portability below). In accordance with the laws in Singapore you do not have the legal right to delete your data, however we may delete your data on request to us.

    Please note, however, that we may retain personal information if there are valid grounds under data protection laws for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

    Thailand

    You acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

    You may request us to discontinue, to restrict the use or provision of, and/or to request for data portability of any and all of your personal information which is stored by us, to the extent provided by the Act on the applicable data privacy laws and regulations in Thailand, including the Thai Personal Data Protection Act. When you wish to make such requests, please contact us at cloudlegalnotices@tencent.com.

    We will give you notice by email of any changes to this Privacy Policy, and give you an opportunity to reject such changes, failing which the changes will become effective as stated in the notice

    TURKEY

    Our Data Controller Representative in Turkey is Özdağıstanli Ekici Avukatlık Ortaklığı for the purpose of compliance with Turkish Law on Personal Data Protection Law (“DPL”) and its secondary regulations can be contacted at tencent@iptech-legal.com. Please include the word “Turkey” in the subject line of your email

    Our Service is not intended for children. Children must not use the Service for any purpose. We will not knowingly allow anyone under 18 to register for our Services and/or provide any personal identification information. We will ask for parental consent for children under age 18 for any processing of their personal data.

    With respect to the section “How We Use Your Personal Information”, for the purposes of Turkey the column “Legal Basis for Processing” shall be deemed to be amended such that the purposes for processing personal information for Turkey shall be Art. 5/2 c and Art 5/2 f of the Law on Protection of Personal Data w. no 6698.

    Your personal data can be transferred and stored into servers located in Turkey or abroad with your consent.

    The paragraph headed “The Security of Your Personal Information” in the Tencent Cloud Privacy Policy is inapplicable with respect to personal data collected in Turkey.

    You have legal rights, which are set forth in Article 11 of the DPL, in relation to the personal information data we hold about you. As a Turkish data subject, you may have right to apply to the data controller and (and to the extent permitted under applicable laws and regulations):

    • learn whether or not your personal data has been processed;
    • request information about processing if your personal data has been processed;
    • learn the purpose of processing of your personal data and whether your data is being processed in line with that purpose
    • know the third parties in the country or abroad to whom personal data has been transferred;
    • request rectification in the event personal data is incomplete or inaccurate;
    • request deletion or destruction of personal data within the framework of the conditions set forth under Article 7 of the Law on Protection of Personal Data Protection (Turkey);
    • object to automatic processing of data and seek certain remedies in accordance with the Personal Data Protection Law (Turkey).

    These rights are not absolute.

    UAE

    Our Service is not intended for children. Children must not use the Service for any purpose. We will not knowingly allow anyone under 21 to register for our Services and/or provide any personal identification information. A user under 21 will need to obtain the relevant court order to use the Services.

    We may voluntarily report a cyber-security incident where it constitutes a crime under UAE law (e.g. under the UAE Cybercrime Law). The incident can be reported to the relevant authorities for the purpose of investigations. Please note also that voluntary reporting of a cyber-security incident can also be made to the UAE Computer Emergency Response Team (“CERT”). CERT is a security awareness organisation that provides a process for logging incidents and advising on known cyber security threats in the UAE.

    VIETNAM

    By accepting this Privacy Policy, you expressly agree and authorize us to collect, use, store, and process your personal information, including, lawfully disclosing and transferring it to third parties, as described in this Privacy Policy.

    We maintain international standards and security practices for data protection. When your personal information is transferred within or outside your jurisdiction of residence, it will be subject to the same or higher levels of security practices and data protection by the recipient entity as adhered to by us.

    Where we permit any third parties to collect and use your personal information, we shall take reasonable measures to ensure that the third parties do not further disclose the personal information.

    Your personal information, if required to be disclosed to the law enforcement agencies, public authorities or other judicial bodies and organisations, it will disclosed upon receipt of written request from such organizations.

    Your Rights

    You have the right to access, correct, and erase the personal information we hold about you. You also have the right to withdraw your earlier provided consent to collect, store, process, use and disclose your personal information and to request us to stop providing your personal information to a third party.

    MODULES

    Last updated: [2020-08-17]
    The following Modules shall apply and form part of this privacy policy if you use the specific Feature (as defined in each relevant Module). You acknowledge we will collect, process, use and store your personal information, as described in the applicable Module:
    1.Tencent Push Notification Service.
    2.Mobile Tencent Protect.
    3.Web Application Firewall.
    4.Game Multimedia Engine.
    5.Anti-DDoS Pro.
    6.Face Recognition.
    7.Tencent Cloud MediaLive.
    8.Tencent Cloud MediaPackage.
    9.Tencent Cloud Conference.
    10.Cloud Native Database TDSQL-C.
    11.Tencent Cloud Elastic Microservice.
    12.TencentDB for CTSDB.
    13.Private DNS.

    Data Privacy and Security Agreement

    Last updated: 2021-10-19 16:59:55

    To the extent that there is any conflict between this Data Privacy and Security Addendum (“DPSA”) and the Terms of Service (and any documents or policies incorporated by reference therein, save for the DPSA) (“Agreement”), this DPSA will prevail.

    Definitions

    Unless stated otherwise the following terms will have the meanings ascribed to them below. Capitalized terms used in this DPSA but not defined below will have the meaning ascribed to them in the Agreement.
    Administrative Information” refers to personal information that Organisation provides to Tencent Cloud to set up and manage Organisation’s account and the services provided by Tencent Cloud, and any personal information generated in connection with Organisation’s use of the services provided by Tencent Cloud;
    Content” refers to any data, including personal information, that Organisation submits, uploads, transmits or displays using the services provided by Tencent Cloud;
    Controller” refers to a person who either alone or jointly in common with one or more other persons controls the collection, holding, processing or use of Personal Data;
    Controller-Processor Transfer Clauses” refers to the Standard Contractual Clauses (Controller to Processor) as set out in the Commission Decision of 5 February 2010 (C(2010) 593), as set out at below at (2) Controller-Processor Transfer Clauses;
    Data Breach” refers to any misuse, interference with, loss of, unauthorized access to, modification or disclosure of Personal Data that is Processed by Tencent in connection with Agreement;
    Data Protection Laws” refers to the data protection law(s) applicable in respect of the collection, storage, processing, transfer, disclosure, and use of any Personal Data which apply from time to time to the person or activity in the circumstances in question, including the California Civil Code sections 1798.100 – 1798.199 (2020), the California Consumer Privacy Act (“the CCPA”), the Directive, the e-Privacy Directive and the GDPR;
    Data Subject” shall mean (1) “Data Subject” as the term is defined in the GDPR; (2) “Consumer” as the term is defined in the CCPA; or (3) any other individual who is the subject of Personal Data;
    Directive” refers to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data;
    e-Privacy Directive” refers to Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector;
    EEA” refers to the European Economic Area;
    EU Personal Data” refers to Personal Data of a Data Subject that is located in the EEA;
    GDPR” refers to Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data;
    Jurisdiction-Specific Requirements” refers to the specific requirements for Processing Personal Data that apply in certain jurisdictions, as set out below at (1) Jurisdiction Specific Requirements;
    Organisation” refers to the entity that has agreed to the Terms of Service. For the purposes of this DPSA (including its attachments), a reference to “Organisation” shall, in the case of an agreement with an individual that is not acting on behalf of an Organisation, be deemed to be a reference to that individual;
    Personal Data” refers to any information relating to an identified or identifiable natural person, including ‘personal data’ and ‘personal information’ as those terms are defined in the Data Protection Laws;
    Processing” refers to performing any operation or set of operations on Personal Data, including any collection, use, storage or disclosure, or as otherwise defined in the relevant Data Protection Laws;
    Processor” refers to a person who Processes Personal Data on behalf of one or more Controller(s);
    Sub-Processor” refers to any Tencent Affiliate or third party appointed from time to time by Tencent to Process Personal Data on its behalf in accordance with clause 7.4;
    Supervisory Authority” refers to a regulatory authority having competent jurisdiction in respect of a Data Protection Law;
    Tencent Cloud” refers to the entity that supplies the services to the Organisation, as specified in the Terms of Service;
    Tencent Cloud Portal” refers to the customer portal to which Organisation has access upon completion of the sign-up process for Tencent Cloud;
    Tencent Cloud Privacy Policy” refers to the policy located Privacy Policy, as updated by Tencent and notified to Organisation from time to time;
    Tencent Security Policy” refers to such reasonable and appropriate technical and organisational measures determined by Tencent from time to time, to protect Personal Data against unauthorized or accidental access, Processing, erasure, loss or use. Such measures will include the measures set out in the Controller-Processor Transfer Clauses (if applicable);
    Terms of Service” refers to the terms located at Terms of Service; and
    Third Countries” refers to all countries outside of the scope of the data protection laws of the European Economic Area (the “EEA”), excluding countries approved as providing adequate protection for Personal Data by the European Commission from time to time, which at the date of this Agreement include Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay.

    Scope of the Agreement

    This Addendum applies if you have entered into the Terms of Service for the supply of services by Tencent Cloud. The Addendum applies to the Processing of Personal Data that is Content. Personal Data that is Administrative Information is Processed in accordance with the Tencent Cloud Privacy Policy and this Addendum shall not apply to the Processing of Administrative Information.

    Authorisation to Process Personal Data

    1. The parties acknowledge that in the performance of its obligations under the Agreement, Tencent may Process Personal Data in connection with Organisation's storage of, access to and Processing of Content as part of providing Tencent Cloud. The purpose of this DPSA is to set out the respective obligations of the parties in relation to such Processing.
    2. Each party warrants to the other that it will comply with all Data Protection Laws applicable to it in relation to the Personal Data.

    Controller and Processor

    Tencent and Organisation acknowledge that Organisation is the Controller and Tencent is the Processor in respect of the Personal Data.

    Service Regions

    1. Subject to clause 5.2, where Organisation has selected a Service Region pursuant to the Agreement, Tencent will only Process the Personal Data in that Service Region.
    2. Organisation acknowledges and agrees that Tencent may, for operational, regulatory or other reasons, need to change its Processing locations from time to time, provided that any Processing of Personal Data in a place other than the Organization's preferred Service Region will be considered a “material change” addressed in accordance with the Agreement.
    3. Organisation acknowledges and agrees that the Tencent Contracting Entity listed in the Terms of Service might not be the entity in custody or control of Customer Data, including Personal Data, so that such data may be stored and processed in the chosen Service Region. If Organisation provides information that does not require the selection of a Service Region, such as account-related information, Tencent may process and store such information in any location.

    Tencent's Obligations

    1. To the extent that it Processes Personal Data on behalf of Organisation, Tencent will:
      1. Process the Personal Data only for the purpose of the Agreement, in accordance with the Organisation’s written instructions (which shall include the terms of this DPSA any instructions provided via the Organisation’s administrative console), and the Tencent Security Policy, and notify Organisation promptly if it is unable to comply with this DPSA or any of its terms;
      2. return or (at the written request of Organisation) securely destroy all Personal Data in its possession (including all back-up copies), unless it is prohibited from doing so by Applicable Laws;
      3. promptly notify the Organisation, upon becoming aware, of:
        1. any court order or other legal process or any request or demand by any Supervisory Authority, regulator, official or other government ministry, authority or agent to obtain or access any Personal Data, unless such notification is prohibited by Applicable Law;
        2. any unauthorized disclosure of, or access to, the Personal Data or any loss, damage or destruction of the Personal Data; and
        3. any material complaint, communication or request relating to Tencent's obligations under the Data Protection Laws;
        4. any instruction received from the Organisation in relation to the Personal Data, which in the discretion of Tencent may breach any Applicable Law, including any Data Protection Law, of the appropriate jurisdiction;
      4. ensure that the Personal Data is accessible only to the duly authorized persons engaged by Tencent and, subject to clause 8, accessible only to its Sub-Processors and the personnel of such Sub-Processors who are duly authorized and who need to have access to the Personal Data in order to perform Tencent's obligations under the Agreement;
      5. ensure that the personnel engaged and duly authorized by it to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality, and ensure that the same obligations for data protection under this DPSA and the Organisation's instructions are complied with by such persons, taking into account the nature of the Processing;
      6. comply with any applicable Jurisdiction-Specific Requirements; and
      7. where the laws of the relevant jurisdiction require it:
        1. implement appropriate technical and organisational security measures insofar as is practicable, for the purpose of providing reasonable assistance to the Organisation for the latter to comply with its obligations, including, as appropriate and applicable in the relevant jurisdiction: (i) the pseudonymisation of Personal Data; (ii) ensuring the ongoing confidentiality, integrity, availability and resilience of Processing systems and services; (iii) restoring the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing;
        2. taking into account the nature of the Processing, assist Organisation by appropriate technical and organisational measures, insofar as this is practicable, for the fulfilment of Organisation’s obligation to respond to requests for exercising the Data Subject’s rights laid down in the Data Protection Laws;
        3. assist Organisation in ensuring compliance with the obligations to: (i) implement appropriate technical and organisational security measures; (ii) notify (if required) Data Breaches to Supervisory Authorities, the relevant Data Subjects, and other persons required under such Data Protection Laws, in cases where such notification and reporting is required under the relevant Data Protection Laws; and (iii) conduct data protection impact assessments and, if required, prior consultation with Supervisory Authorities; and
        4. promptly notify Organisation in writing upon becoming aware of any improper, unauthorized, or unlawful access to, use of, or disclosure of, Personal Data which is Processed by Tencent under or in connection with this DPSA. Tencent shall be obliged to provide Organisation with all information reasonably necessary for the compliance with Organisation’s obligations pursuant to Data Protection Laws.
    2. Tencent shall notify Organisation if, in its opinion, an instruction of Organisation infringes the Data Protection Laws.

    Organisation’s Obligations

    1. Organisation represents, warrants and undertakes to Tencent that throughout the Term that:
      1. the Personal Data has been and will be collected in accordance with the Data Protection Laws;
      2. all instructions from Organisation to Tencent will comply with the Data Protection Laws; and
      3. the transfer of the Personal Data to Tencent, and (to the extent that Tencent acts as a data processor in respect of such Personal Data) the Processing of the Personal Data by Tencent as instructed by Organisation or (to the extent that Tencent acts as a data controller in respect of such Personal Data) the receipt and use of Personal Data by Tencent, and Processing and use of Personal Data as set out in this DPSA, is consented to by the relevant Data Subjects (where required by law) and otherwise permitted by and in accordance with the Data Protection Laws.
    2. Organisation agrees that it will indemnify and hold harmless Tencent on demand from and against all claims, liabilities, costs, expenses, loss or damage (including consequential losses, loss of profit and loss of reputation and all interest, penalties and legal and other professional costs and expenses) incurred by Tencent arising directly or indirectly from a breach of this clause
    3. Where Tencent faces an actual or potential claim arising out of or related to any breach of Data Protection Laws relating to Personal Data processed pursuant to this DPSA, Organisation will promptly provide all materials and information reasonably requested by Tencent that is relevant to the defense of such claim.
    4. If Organisation becomes aware of any actual or suspected Data Breach relating to the Agreement, Organisation shall:
      1. take reasonable steps to carry out, within 30 days, an assessment to determine whether the Data Breach is notifiable under the Data Protection Laws and promptly notify Tencent in writing of the results of the assessment;
      2. if Organisation notifies Tencent that it considers the Data Breach to be notifiable under the Data Protection Laws:
        1. Organisation shall prepare a draft of any notification statements in respect of the Data Breach required under the Data Protection Laws (“Notification Statements”) and provide the draft Notification Statements to Tencent for approval prior to disclosure to the applicable data protection regulators, Data Subjects or any other person;
        2. Tencent shall provide Organisation with notice in writing:
          • of any changes that Tencent reasonably requires to the draft Notification Statement and Organisation shall incorporate all such changes into the draft Notification Statement; or
          • that Tencent approves the draft Notification Statement; and
        3. following Tencent’s approval of a draft Notification Statement, Organisation must provide a copy of the approved Notification Statement to the applicable data protection regulators, Data Subjects and any other person as required under the Data Protection Laws; and
        4. not, and must ensure that its Affiliates and their respective personnel do not, make any public statement or disclosure relating to any suspected or actual Data Breach without the prior written consent of Tencent.

    Appointment of Sub-Processors

    1. Tencent may authorize any Sub-Processor to Process the Personal Data on its behalf provided that, where (and to the extent) required by Data Protection Laws, Tencent enters into a written agreement with the Sub-Processor containing terms which are substantially the same as those contained in this DPSA. Organisation hereby grants Tencent general written authorisation to engage such Sub-Processors listed at the Tencent Cloud Third Parties, subject to the requirements of this clause 8.
    2. Tencent shall, to the extent the Personal Data Processed is EU Personal Data or where the laws of any other jurisdiction require such notification, inform Organisation by email (and via the Tencent Cloud Portal) of any intended changes concerning the addition or replacement of the Sub-Processors. In such a case, Organisation will have fourteen (14) days from the date of receipt of the notice to approve or reject the change. In the event of no response from Organisation, the Sub-Processor will be deemed accepted. If Organisation rejects the replacement sub-processor, Tencent may terminate the Agreement with immediate effect on written notice to Organisation.
    3. In the event that Tencent engages a Sub-Processor for carrying out specific Processing activities on behalf of Organisation, where that Sub-Processor fails to fulfill its data protection obligations, Tencent will remain fully liable under the Data Protection Laws to Organisation for the performance of that Sub-Processor's obligations.

    MODULES

    The following Modules shall apply and be incorporated by reference into this DPSA if you use the specific Feature (as defined in each relevant Module).
    1.Tencent Push Notification Service.
    2.Mobile Tencent Protect.
    3.Web Application Firewall.
    4.Game Multimedia Engine.
    5.Game Server Elastic-scaling
    6.Anti-DDoS Pro.
    7.Face Recognition.
    8.Tencent Cloud MediaLive.
    9.Tencent Cloud MediaPackage.
    10.Tencent Cloud Conference.
    11.Cloud Native Database TDSQL-C.
    12.Tencent Cloud Elastic Microservice.
    13.TencentDB for CTSDB.
    14.Private DNS.

    Jurisdiction-specific Requirements

    Europe

    1. Tencent agrees that it will not Process EU Personal Data in a Third Country except where Tencent complies with the data importer’s obligations set out in the Controller-Processor Transfer Clauses.
    2. To the extent of any conflict between the Controller-Processor Transfer Clauses and the rest of this DPSA, the Controller-Processor Transfer Clauses will prevail in relation to any EU Personal Data.
    3. For the purposes of the Controller-Processor Transfer Clauses, the following additional provisions will apply:
      1. the parties agree to observe the Controller-Processor Transfer Clauses without modification;
      2. the names and addresses of Organisation and Tencent will be considered to be incorporated into the Controller-Processor Transfer Clauses and for the purposes of the Controller-Processor Transfer Clauses;
      3. Organisation is the data exporter and Tencent, or Tencent’s applicable Affiliate, is the data importer as defined in the Controller-Processor Transfer Clauses; and
      4. each party’s signature to this DPSA will be considered a signature to the terms contained in the Controller-Processor Transfer Clauses.
    4. If so required by the laws or regulatory procedures of any jurisdiction, the parties will execute or re-execute the clauses contained in the Controller-Processor Transfer Clauses as a separate document setting out the proposed transfers of Personal Data in such manner as may be required.

    South Korea

    1. If and to the extent that the Tencent Security Policy is insufficient to meet the applicable requirements under Korean privacy laws and regulations, Tencent will take additional measures from time to time to comply with such requirements (as applicable to an overseas transferee of Personal Data), including:
      1. Articles 28 and 63 of the Act on the Promotion of Utilisation of Information and Communications Networks and the Protection of Information (the “ICT Networks Act”);
      2. Articles 15 and 67 of the Enforcement Decree promulgated under the ICT Networks Act;
      3. the Guidelines for Technical and Administrative Measures for the Protection of Personal Information (issued by the Korea Communications Commission);
      4. Article 29 of the Personal Information Protection Act (the “PIPA”);
      5. Article 30 of the Enforcement Decree promulgated under the PIPA; and
      6. the Guidelines for Security Measures for the Safety of Personal Information (issued by the Ministry of Interior and Safety), as the foregoing may be amended and/or supplemented from time to time.
    2. Tencent will:
      1. use the Personal Data only for the purpose of and within the scope of entrusted work;
      2. agree to be subject to the training and supervision by Organisation of Tencent's handling of the Personal Data; and
      3. agree to be subject to the supervision and audit by relevant regulatory authorities.
    3. Tencent will compensate Organisation and any relevant data subjects for any and all damages, liabilities, costs and expenses arising out of any breach of Tencent's obligations under this DPSA or under Applicable Law.

    California

    1. In addition to Tencent’s other obligations as set out elsewhere in this Agreement, where applicable for the purposes of the CCPA, Tencent shall act as a “service provider” for Organisation, pursuant to which the parties agree that all such Personal Information is disclosed to Tencent for one or more business purpose(s) and its use or sharing by Organisation with Tencent is necessary to perform such business purpose(s).
    2. Tencent agrees that it: (a) is prohibited from retaining, using, or disclosing Personal Information for any purpose other than for the specific purpose of performing the services specified in the Terms of Service for Organisation, including, without limitation, from retaining, using, or disclosing such Personal Information for a commercial purpose other than providing the services specified in the Terms of Service.
    3. Tencent will not further collect, sell, or use Personal Information except as necessary to perform the business purpose(s).

    For the purposes of this Section [ ], “personal information,” “service provider,” “business purpose,” “commercial purpose,” “collects,” and “sell” shall have the meanings given to them in the CCPA.

    Macau

    1. The appointment of Tencent as Processor, as well as the appointment of sub-processors where (and to the extent) permitted in this Agreement, shall be notified by the Organisation to the local data protection office (GPDP - Gabinete para a Protecção de Dados Pessoais).
    2. Tencent shall have the right to reasonably request the Organisation provide evidence of compliance with an instruction under the relevant the Macau data protection laws, including such notification under section 1 above.
    3. Organisation shall expressly inform Tencent, in writing, in case of processing of sensitive data, as defined in article 7 of the Macau Data Protection Law (Law n. 8/2005), and shall ensure compliance with the particular requirements provided for under Macau data protection law for the processing of such data.

    Controller-Processor Transfer Clauses

    For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection:

    Name of the data exporting organisation: This is the Organisation that has entered into the Agreement, or if the Agreement is entered into with an individual that is not acting on behalf of an Organisation, that individual.

    (the “data exporter”)

    And

    Name of the data importing organisation: The contracting entity specified in section 1.2 of the Terms of Service.

    (the “data importer”)

    each a “party”; together “the parties”,

    HAVE AGREED on the following Contractual Clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

    Definitions

    For the purposes of the Clauses:

    1. 'personal data', 'special categories of data', 'process/processing', 'controller', 'processor', 'data subject' and 'supervisory authority' will have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
    2. 'the data exporter' refers to the controller who transfers the personal data;
    3. 'the data importer' refers to the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
    4. 'the sub-processor' refers to any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
    5. 'the applicable data protection law' refers to the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;
    6. 'technical and organisational security measures' refers to those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

    Details of the transfer

    The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

    Third-party beneficiary clause

    1. The data subject can enforce against the data exporter this Clause, Clauses 4(b) to 4(i), Clauses 5(a) to 5(e) and 5(g) to 5(j), Clauses 6.1 and 6.2, Clause 7, Clause 8.2 and Clauses 9 to 12 as third-party beneficiary.
    2. The data subject can enforce against the data importer this Clause, Clauses 5(a) to 5(e) and 5(g), Clause 6, Clause 7, Clause 8.2 and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.
    3. The data subject can enforce against the sub-processor this Clause, Clauses 5(a) to 5(e) and 5(g), Clause 6, Clause 7, Clause 8.2 and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor will be limited to its own processing operations under the Clauses.
    4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

    Obligations of the data exporter

    The data exporter agrees and warrants:

    1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
    2. that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;
    3. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
    4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
    5. that it will ensure compliance with the security measures;
    6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
    7. to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
    8. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
    9. that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and
    10. that it will ensure compliance with Clauses 4(a) to 4(i).

    Obligations of the data importer

    The data importer agrees and warrants:

    1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
    2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
    3. that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred;
    4. that it will promptly notify the data exporter about:
      1. any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
      2. any accidental or unauthorized access, and
      3. any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
    5. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
    6. at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which will be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
    7. to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which will be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
    8. that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
    9. that the processing services by the sub-processor will be carried out in accordance with Clause 11;
    10. to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

    Liability

    1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
    2. If a data subject is not able to bring a claim for compensation in accordance with Clause 6.1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.
    3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in Clauses 6.1 and 6.2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor will be limited to its own processing operations under the Clauses.

    Mediation and jurisdiction

    1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:
      1. to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;
      2. to refer the dispute to the courts in the Member State in which the data exporter is established.
    2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

    Cooperation with supervisory authorities

    1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.
    2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.
    3. The data importer will promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to Clause 8.2. In such a case the data exporter will be entitled to take the measures foreseen in Clause 5(b).

    Governing Law

    The Clauses will be governed by the law of the Member State in which the data exporter is established.

    Variation of the contract

    The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clauses.

    Sub-processing

    1. The data importer will not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it will do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer will remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.
    2. The prior written contract between the data importer and the sub-processor will also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in Clause 6.1 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor will be limited to its own processing operations under the Clauses.
    3. The provisions relating to data protection aspects for sub-processing of the contract referred to in Clause 11.1 will be governed by the law of the Member State in which the data exporter is established.
    4. The data exporter will keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which will be updated at least once a year. The list will be available to the data exporter's data protection supervisory authority.

    Obligation after the termination of personal data processing services

    1. The parties agree that on the termination of the provision of data processing services, the data importer and the sub-processor will, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or will destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.
    2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in Clause 12.1.

    Appendix 1

    Description of the Transfers (Controller-Processor)

    This Appendix forms part of the Clauses and must be completed and signed by the parties.

    The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

    Data exporter

    The data exporter is the Organisation as defined in the Agreement, or if the Agreement is entered into by an individual that is not acting on behalf of an Organisation, that individual.

    The data exporter has engaged the data importer to provide online services as described in the Agreement.

    Data importer

    The data importer is Tencent, as defined in the Agreement, a leading provider of Internet value added services. The data importer has been engaged by the data exporter to provide certain online services as described in the Agreement.

    Categories of data

    The personal data transferred concern the following categories of data (please specify):

    The Content uploaded by the Data Exporter, or as notified by Data Exporter to Data Importer from time to time.

    Special categories of data

    The personal data transferred concern the following special categories of data (please specify):

    The Content uploaded by the Data Exporter, or as notified by Data Exporter to Data Importer from time to time.

    Processing operations

    The personal data transferred will be subject to the following basic processing activities (please specify):

    The Data Importer will process the personal data in support of the activities carried out by the Data Exporter. In particular, the Data Importer's processing activities carried out under the instructions and on behalf of the Data Exporter include: data hosting, data back-up, communications, data analytics, statistics, analysis, IT system administration, order fulfilment, support services, employee management services, processing order payments, delivery of marketing communications, promotions and surveys, operations, software maintenance and hosting, information technology services including desktop and network management, system monitoring, application and program development, archiving, disaster management and data restoring.

    Appendix 2

    Technical and Organisational Security Measures

    We have implemented a comprehensive privacy and security programme for the purpose of protecting your content. This program includes the following:

    1. Data security. We have designed and implemented the following measures to protect customer's data against unauthorized access:
      1. standards for data categorisation and classification;
      2. a set of authentication and access control capabilities at the physical, network, system and application levels; and
      3. a mechanism for detecting big data-based abnormal behaviour.
    2. Network security. We implement stringent rules on internal network isolation to achieve access control and border protection for internal networks (including office networks, development networks, testing networks and production networks) by way of physical and logical isolation.
    3. Physical and environmental security. Stringent infrastructure and environment access controls have been implemented for Tencent Cloud's data centers based on relevant regional security requirements. An access control matrix is established, based on the types of data center personnel and their respective access privileges, to ensure effective management and control of access and operations by data center personnel.
    4. Incident management. We operate active and real-time service monitoring, combined with a rapid response and handling mechanism, that enables prompt detection and handling of security incidents.
    5. Compliance with standards. We comply with the standards listed in our Compliance Center page, and as updated from time to time.

Have an account?Log in now